Virulent Strain of Virut Virus Appears in the Wild
On February 11, 2009, software giant Microsoft cautioned that a particularly nasty version of the Virut virus has been released and that companies should ensure their anti-virus software is updated to tackle the new threat.
Microsoft's security experts say that the malware infects portable executable files and is able to spread across systems. The virus can reach uninfected systems through USB sticks and network drives.
The researchers' study reveals that the virus has also adopted some new polymorphic tricks designed to make it tougher for anti-virus software to detect. It also uses more than a single layer of encryption, which allows its binary fingerprint to change while still restoring its harmful payload.
The virus can also infect web scripts written in languages such as HTML, ASP and PHP. Servers that are attacked end up with an iframe in their web pages that tries to spread malware to users.
Trend Micro researchers have cautioned that this can increase the chances of the virus spreading even farther. If the infected script files are uploaded to a publicly accessible site, visitors to that website could be led to the link embedded in the iframe code.
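For administrators who want to check web content for the kind of iframe described above, the following is an added example, not code from Microsoft, Trend Micro or the original report. The "hidden and external" heuristic, the function names, the host names and the sample page are assumptions constructed for illustration; they are not Virut's actual signature.

```python
import os
import re
from urllib.parse import urlparse

SCRIPT_EXTENSIONS = (".html", ".htm", ".asp", ".php")  # script types named in the article
IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HIDDEN_STYLE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)

def parse_attrs(raw):
    """Map lower-cased attribute names to values (quoted or bare)."""
    return {n.lower(): dq or sq or bare for n, dq, sq, bare in ATTR_RE.findall(raw)}

def is_hidden(attrs):
    """Assumed heuristic: 0/1-pixel width or height, or a style that hides the frame."""
    tiny = any(attrs.get(k, "").strip().rstrip("px") in ("0", "1") for k in ("width", "height"))
    return tiny or bool(HIDDEN_STYLE_RE.search(attrs.get("style", "")))

def suspicious_iframes(text, own_hosts):
    """Return (line_number, src) for hidden iframes loading from hosts not in own_hosts."""
    findings = []
    for match in IFRAME_RE.finditer(text):
        attrs = parse_attrs(match.group(1))
        host = (urlparse(attrs.get("src", "")).hostname or "").lower()
        if host and host not in own_hosts and is_hidden(attrs):
            line_no = text.count("\n", 0, match.start()) + 1
            findings.append((line_no, attrs["src"]))
    return findings

def scan_tree(root, own_hosts):
    """Yield (path, line_number, src) for every finding under a web root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SCRIPT_EXTENSIONS):
                path = os.path.join(dirpath, name)
                with open(path, errors="replace") as fh:
                    for hit in suspicious_iframes(fh.read(), own_hosts):
                        yield (path, *hit)

# Constructed sample page: one local frame, one hidden external frame, one visible embed.
SAMPLE_PHP = """<?php include 'header.php'; ?>
<iframe src="/banner.html" width="300" height="60"></iframe>
<p>Welcome</p>
<iframe src="http://malicious.example/x" width=1 height=1 style="border:0"></iframe>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
"""

if __name__ == "__main__":
    for line_no, src in suspicious_iframes(SAMPLE_PHP, own_hosts={"www.example.org"}):
        print(f"line {line_no}: hidden external iframe -> {src}")
```

A hit is only a lead for review: compare the flagged file against a known-good copy from source control or backup before deciding it was tampered with.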
Jimmy Kuo, chief architect for the Malware Protection Center, says that once on a system, the virus opens a backdoor which connects to an Internet Relay Chat (IRC) server and allows a remote attacker to install extra malware on the system, as reported by SCMAGAZINE on February 11, 2009.
The report also adds that after installation the virus inserts its code into various system processes such as winlogon.exe and explorer.exe and targets low-level Windows APIs in order to stay in the system's memory.
Security experts say that because it is a new variant, protection firms had not yet made their patches. They also claim that having updated anti-virus software is not in itself sufficient to tackle the virus. Microsoft adds that Virut can damage some files beyond repair, implying firms may have to download a clean version of the operating system to restore the system to a safe state.
» SPAMfighter News - 25-02-2009