Do you all know who Frankenstein is? Wikipedia tells us that it is ‘a novel written by Mary Shelley about an experiment that produces a monster’ (Wikipedia, 2012: Search String ‘Frankenstein’). While this is the name of the novel, the main protagonist who creates the monster is Doctor Frankenstein. The monster itself does not have a name and is referred to using different labels ‘such as “monster”, “demon”, “devil”, “fiend”, “wretch” and “it”‘ (Wikipedia, 2012: Search String ‘Frankenstein’).
A couple of days ago, an IT security company (#bitdefender) made the announcement that something called ‘Frankenware’ has been discovered. Obviously, this is a term combining ‘Frankenstein’ and ‘malware’. Without further research we already know that is must be some kind of program which is capable of doing harm to our information systems (#malware). We also know that it has to be some kind of mesh-up or patchwork of other things (#frankenstein).
In order to explain what Frankenware is, let us first have an overview over what a worm and a virus are. Computer viruses can have different impact on your computer. However, their impact is destructive and it is difficult to target the use of a virus. A virus spreads from one computer to the other inter alia by infecting executable files.
A computer worm ‘is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer’ (Wikipedia, 2012: Search String ‘Computer worm’).
The malwares, Frankenware consists of, are a virus and a worm. It has not yet been identified if Frankenware can be produced by any combinations of viruses and worms but for now it is safe to assume that more than one kind of virus and worm can form a frankenware. While a computer worm can be an executable file, virusses infect executable files. If a virus infects a worm, we can regard it as ‘Frankenware’. Opposed to the monster Frankenstein which was deliberately created, BitDefender mentioned that frankenware evolved by itself. However, it is possible to force the creation of a piece of frankenware.
Two interesting things are the outcome of this evolution. 1. When the worm spreads, it takes the virus with it (#payload). The is virus metaphorically the equestrian on the worm. A worm-rider. 2. Every piece of malware can be identified by anti-malware programs according to the way they are coded (#heuristics). As long as an anti-malware database does not include the signature of a piece of malware, it will not be detected. Even though the heurestics of a $worm A and a $virus B are known and included in the database, the new $frankenware C has a different heurestic and therefore evades anti-malware programs as long as their databases are not updated (#suckstohaveitonyourcomputer).
Bottom line: two pieces of annoying malware may create a new piece of even more annoying malware which does not only do double harm to your information system but also evades your IT line of defense. Oh and this new piece of malware replicates itself and spreads of networks.
Nota bene: Frankenware is a wrong term because Dr. Frankenstein was the creator of the monster and not the monster itself. Therefore, it should be called ‘monsterware’, ‘demonware’, ‘devilware’ or maybe ‘wretchware’.