Throwback Thursday: Double Trouble / The Perfect Couple

Posted by   Virus Bulletin on   May 14, 2015

Once again this Throwback Thursday, we bring you not one but two (related) pieces from the archives as VB heads back to the mid-90s when a new era of viruses was believed to be dawning.

In general, the experts of the anti-malware industry get things more or less right. Predictions may take longer to come to fruition than expected, or may not be quite as game-changing as expected, but by and large, the experts in this industry have a good feel for the way things will go — whether a new threat will become widespread, whether infections on a new platform will take off, and so on.

However, the mid-90s saw what experts at the time believed was the beginning of a new era of viruses, when two 'multicellular' (not to be confused with multipartite) viruses appeared. These viruses each had two components ('odd' and 'even', or 'male' and 'female'), which both needed to be present in order for successful infection to take place.

The first virus of this type, Dichotomy, had 'odd' and 'even' components. When a file infected with the 'odd' component was executed, the virus looked for a file infected with 'even' code, installing itself into memory only if that part was found. A little later on came RMNS, the two parts of which ('male' and 'female') installed themselves into memory independently of each other, but infection could only take place if both sections of the code were resident in memory at the same time and on the same computer.

While Dichotomy was believed to be only an experimental virus, which could never become prevalent in the wild, RMNS was thought to herald the beginning of another branch of electronic evolution: the era of multicellular (or binary) viruses. Of course, with the benefit of hindsight, we know that viruses did not abandon their 'monosexual existence' — nevertheless, these two viruses make interesting museum specimens. And while actual viruses have become quite rare in today's malware landscape, multi-stage malware has become rather common.

Eugene Kaspersky analysed both viruses for VB. Read about Dichotomy here in HTML-format, or download it here as a PDF, and read about RMNS here in HTML-format, or download it here as a PDF (no registration or subscription required).

Posted on 14 May 2015 by Helen Martin



Latest posts:

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.