
Virut and other File infectors - Throwing in the Towel?


YoKenny


Keep your anti virus definitions up to date as removing Virut is not easy

Virut and other File infectors - Throwing in the Towel?


I actually wanted to blog about this last week, but didn't find the time yet...

In the last couple of weeks, I noticed a HUGE increase of Virut present on computers. As a matter of fact, 30% of the infected computers I analyzed were infected with Virut. This is bad, really bad... :-(


Virut is a Polymorphic File Infector that infects .EXE and .SCR files. It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker - for example to download/run more malware on the compromised computer. Emails may be harvested as well.

This latest variant may also search for htm, html, asp and php files on the drives and modify them by inserting an iframe that points to a malicious website. So you can already imagine what may happen if the owner is a web designer and uploads the infected webpages.

An excellent write-up on this latest variant (and the previous one) can also be found here (by Nicolas Brulez): http://securitylabs.websense.com/content/Blogs/3300.aspx

http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user
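As an added example (not code from the post or from the blog it quotes), a pre-upload check a web designer could run over a local copy of their site to flag the pattern described above: iframes in htm/html/asp/php files that point at a host outside an allowlist or that are hidden/zero-size. The sample pages, hostnames and the allowlist are constructed for the demonstration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Extensions the post says this variant modifies.
WEB_EXTENSIONS = {".htm", ".html", ".asp", ".php"}
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*["']?0(?:px)?\b|visibility\s*:\s*hidden|display\s*:\s*none""",
    re.IGNORECASE)

# Hosts the site legitimately frames (assumed allowlist, constructed here).
ALLOWED_HOSTS = {"www.example.org"}

# Constructed sample pages: one clean, one with an injected zero-size frame.
CLEAN_PAGE = ('<html><body><iframe src="https://www.example.org/embed" width="300"></iframe>'
              '<iframe src="/local.html"></iframe></body></html>')
INJECTED_PAGE = ('<html><body><p>Hi</p>'
                 '<iframe src="http://bad.example/x.php" width="0" height="0"></iframe></body></html>')


def suspicious_iframes(text, allowed_hosts):
    """Return (src, reason) for each iframe that points at a host outside the
    allowlist or is hidden/zero-size, the usual shape of an injected frame."""
    hits = []
    for tag in IFRAME_RE.findall(text):
        m = SRC_RE.search(tag)
        src = m.group(1) if m else ""
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host not in allowed_hosts:
            reasons.append("external host " + host)
        if HIDDEN_RE.search(tag):
            reasons.append("hidden/zero-size frame")
        if reasons:
            hits.append((src, "; ".join(reasons)))
    return hits


def scan_webroot(root, allowed_hosts=ALLOWED_HOSTS):
    """Walk a local site copy before upload; map file path -> suspicious iframes."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            hits = suspicious_iframes(path.read_text(errors="replace"), allowed_hosts)
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for src, why in suspicious_iframes(INJECTED_PAGE, ALLOWED_HOSTS):
        print(src, "->", why)
```

Any hit is a reason to treat the workstation as compromised rather than just to clean the page, since the post describes the iframe as a side effect of a file infector already running there.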


Gave the sample below a run.

Virus Total


Sandboxie contained it easily as it couldn't or wouldn't run sandboxed.


Installed it into an XP vm and trust me, it's one of the worst I've seen and a system destroyer.


Downloaded heaps of data from the net including a rootkit, two other Viruts and a couple of trojans.


Dunno why it needs to download that additional malware as it does enough damage by itself in needing a reimage or format reinstall. :unsure:


The vm came through ok after being in Returnil mode and deleting all changes after testing.
