Symbiosis is a term commonly used to describe the relationship between two unlike organisms who interact in such a way as to provide benefits to one or both organisms, but usually not at the cost of the survival of one, as in contrast to a predatory or competitive relationship. Symbiosis usually falls into one of three categories, Parasitism, Commensualism, and Mutualism. Let’s define these terms for now in relation to natural science.
1. Parasitism- A symbiotic relationship where one organism benefits and the other is harmed. This is a well-known type of relationship is exhibited in the way a tapeworm feeds off nutrients in the digestive track or the way a mosquito feeds from the blood of the victim organism. Some parasitic relationships can be deadly and others more benign. But even if in a small way, one organism is adversely affected.
2, Commensalism - A symbiotic relationship where one organism benefits and the other is not significantly harmed or helped. A spider building a web on a plant is a good example. Some animals rely for their dwellings on the abandoned dens of others. Egrets are often seen walking around herds of cattle, eating insects stirred up by the activity.
3. Mutualism – This is perhaps the most interesting form of symbiosis. In this relationship, both organisms benefit from each other. Certain birds eat parasitic insects from the ears and mouths of larger animals. The clownfish and the anemone protect one another. Many examples could be given for this kind of symbiosis.
Now that we’ve defined our terms, we can now see how this applies to malware.
There has always been a symbiotic relationship between malware and the system which it infects. Historically, the symbiosis has take an parasitic form. A computer is infected by a virus, and the results have been corrupted/destroyed files, pop-ups, or a system which no longer even boots. The authors of malware were motivated by notoriety. Having their customized “you’ve been pwned!” graphic appear on the screens of millions of now incapacitated systems was their lofty goal.
The malware trend has shifted toward a more commensualistic symbiosis as the motivations behind its creation has shifted. Malware is written more for the purpose of financial gain than it is for notoriety and infamy. The contrast is stark. Attackers want to do nothing that would draw attention to their presence in your system. They would rather you carry on as usual while they use your bandwidth and processor power for their purposes. Doing harm or displaying banners is completely out of the question and counter-productive for their purposes.
This relationship has no benefit for the victim. On the contrary, the victim’s resources are being used by the attacker. In this respect, malware fails to completely rise above the level of parasite. But for the average user, these liberties being taken by the malware largely go unnoticed. It is usually not the end-user who notices the malware but instead network adminstrator who notices the strange amount of traffic traversing his perimeter. The user is adversly affected, but only slightly, and the less the attacker can affect your system and have attention drawn to his presence, the better. The attacker strives for a purely commensalistic symbiosis.
This brings up mutualism. Does Malware ever appear in this kind of symbiosis? To my knowledge, it does not. However, imagine, if you will, an end user carelessly clicking a link and being presented the following message:
“The software you are about to install will increase your system performance by at least 20 percent and protect you from many forms of malware.”
We see something similar to this with the fake Malware remove websites. The victim is presented with progress bars and drive letters making him think that the software is cleaning malware, when instead it’s installing very bad stuff. But this is not mutualism, in which both organisms truly benefit.
What if, however, the Malware actually DID increase system peformance? What if it did protect the system from other malware?
The real question is, if malware were installed on a system where it did add that system to a botnet and use resources, but it actually boosted performance or provided some other benefits to that user, would that user care?
In future, I will post more about this and the specific application for various kinds of malware.
David H.