A new research report from website security firm Sucuri provides an inside look at what happens when two competing malicious codes battle for the same territory.
According to a Tuesday blog post, Sucuri researchers recently investigated an online vBulletin database that appeared to be infected with a web shell. While analyzing a plug-in table within the database, the researchers found two records with the same name, both fraudulently posing as init_startup plugins.
Further examination revealed that they two separate sets of malicious code, both designed to establish a backdoor that would give hackers access to the database. "This indicates the likelihood of at least two different attackers exploiting the same vulnerability through an automated system and adding the same malware," the blog explains.
Unfortunately for the second attackers, the existence of the original malicious plug-in rendered their code moot and nonfunctional. In other words, “Their attack simply infected the already existing plugin,” wrote Sucuri. The outcome could have been a lot worse, warned the company, noting that incompatible infections could potentially crash a website.