YoKenny Posted February 22, 2009

Keep your anti-virus definitions up to date, as removing Virut is not easy.

Virut and other File infectors - Throwing in the Towel?

I actually wanted to blog about this last week, but didn't find the time yet... In the last couple of weeks, I noticed a HUGE increase in Virut present on computers. As a matter of fact, 30% of the infected computers I analyzed were infected with Virut. This is bad, really bad... :-(

Virut is a Polymorphic File Infector that infects .EXE and .SCR files. It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker - for example to download/run more malware on the compromised computer. Emails may be harvested as well.

This latest variant may also search for htm, html, asp and php files on the drives and modify them by inserting an iframe that points to a malicious website. So you can already imagine what may happen if the owner is a web designer and uploads the infected webpages.

An excellent write-up on this latest variant (and the previous one) can also be found here (by Nicolas Brulez): http://securitylabs.websense.com/content/Blogs/3300.aspx

http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein
IE7Pro user
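The web-file injection described in the quoted blog is the part a web designer can actually check for before uploading a site. As an added example (not code from the post, the blog or the linked write-up), the Python scan below walks a directory tree, reads every .htm/.html/.asp/.php file, and flags any iframe that is zero-sized or CSS-hidden, or whose src host is not on an allow-list. The directory layout, the allow-listed host www.example.com, and the injected tag with its malicious.invalid URL are all constructed for the demo; they are not the URL or tag shape Virut itself inserts.

```python
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Iterable, List, Tuple
from urllib.parse import urlparse

# File types the quoted blog says the infector rewrites.
WEB_EXTENSIONS = {".htm", ".html", ".asp", ".php"}

# One opening <iframe ...> tag; DOTALL lets attributes span lines.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# Zero-size or CSS-hidden frames: the usual shape of a drive-by injection.
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*["']?0(?:px)?\b|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE,
)


@dataclass
class Finding:
    path: str
    line: int
    src: str
    hidden: bool
    tag: str


def suspicious_iframes(text: str, trusted_hosts: Iterable[str]) -> List[Tuple[int, str, bool, str]]:
    """Return (line, src, hidden, tag) for each iframe that is hidden or points off-site."""
    trusted = {h.lower() for h in trusted_hosts}
    out = []
    for m in IFRAME_RE.finditer(text):
        tag = m.group(0)
        src_m = SRC_RE.search(tag)
        src = src_m.group(1) if src_m else ""
        try:
            host = (urlparse(src).hostname or "").lower()
        except ValueError:  # malformed URL in src; treat as no host
            host = ""
        hidden = bool(HIDDEN_RE.search(tag))
        external = bool(host) and host not in trusted
        if hidden or external:
            # 1-based line number of the tag's start, for the report.
            out.append((text.count("\n", 0, m.start()) + 1, src, hidden, tag))
    return out


def scan_tree(root: str, trusted_hosts: Iterable[str] = ()) -> List[Finding]:
    """Walk root, read every web file and collect suspicious iframes."""
    trusted = list(trusted_hosts)
    findings: List[Finding] = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in sorted(filenames):
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue  # not a file type the infector targets
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for line, src, hidden, tag in suspicious_iframes(text, trusted):
                findings.append(Finding(path, line, src, hidden, tag))
    return findings


def demo() -> List[Finding]:
    """Build a constructed web root (not real infector output) and scan it."""
    clean_frame = '<iframe src="https://www.example.com/widget" width="300" height="200"></iframe>'
    # Constructed injection: placeholder host, not the URL Virut actually uses.
    injected_frame = '<iframe src="http://malicious.invalid/x.php" width=0 height=0></iframe>'
    files = {
        "index.html": "<html><body>\n<p>Welcome</p>\n" + clean_frame + "\n</body></html>\n" + injected_frame,
        "about.php": "<?php echo 'about'; ?>\n<p>No frames here.</p>\n",
        "notes.txt": injected_frame + "\n",  # wrong extension, must be skipped
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root, trusted_hosts=["www.example.com"])


if __name__ == "__main__":
    for f in demo():
        print(f"{f.path}:{f.line} hidden={f.hidden} src={f.src}")
```

Run it against a real site tree with `scan_tree("/path/to/site", trusted_hosts=["your.domain"])`. A visible iframe to a trusted host is left alone; anything appended after `</html>` and sized to zero, as in the constructed index.html, is reported with its line number. Note that a hidden frame pointing at a trusted host is still reported, since a legitimate page rarely needs one.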
Humpty Posted February 22, 2009

Gave the sample below a run. Virus Total

Sandboxie contained it easily, as it couldn't or wouldn't run sandboxed. Installed it into an XP VM and, trust me, it's one of the worst I've seen and a system destroyer. Downloaded heaps of data from the net, including a rootkit, two other Viruts and a couple of trojans. Don't know why it needs to download that additional malware, as it does enough damage by itself in needing a reimage or format/reinstall. The VM came through OK after being in Returnil mode and deleting all changes after testing.