New Scribble Virus Damages Files Beyond Repair

According to malware researchers at Sophos, an antivirus vendor, a fresh virus known as Scribble has surfaced on the Internet. This virus, apart from infecting the regular files stored on a computer, corrupts many of them to such an extent that they become irreparable.

Sophos, which identified the virus as W32/Scribble-A, says that the malware bears a link with the Virut and Vetor family of viruses. However, Scribble is not a mere modification of these malware programs but more like a rewrite. Additionally, it displays several enhancement features such as the capability of infecting files that are written in various scripting languages.

Furthermore, Scribble represents a polymorphic worm because whenever it corrupts a legitimate file, it changes its own malicious code so that no antivirus can detect it, said the security researchers. Moreover, Scribble attaches its code to legitimate files at locations it chooses randomly, a technique known as mid-infecting.

In addition, the virus injects an iframe that corrupts the web scripting files placed on a computer. The malicious iframe takes the user to a web page infused with an obfuscated JavaScript that in turn introduces a number of exploits to attack the system. Among these exploits, one particularly contains a malicious PDF file that targets an Adobe Reader loophole.

Security specialists state that with a successful exploitation, an .exe file recognized as W32/Virut-Gen gets downloaded. Thus, ccording to malware Analyst Richard Cohen at SophosLabs Canada, the latest W32/Scribble-A is crafting iframes that lead to the already known W32/Virut-Gen code. After evaluating the functioning of the virus, Cohen suggests that the two viruses are inter-linked, as reported by SoftPedia on February 11, 2009.

Cohen further points out that the worm reflects a major issue that of its misinfections. Misinfection means that the worm fails to properly corrupt an .exe file, often harming it so much that it cannot be repaired.

Security expert also state that these observations of the virus are only the beginning, as it would propagate more intensely in the upcoming months when more of its variants would be unleashed.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 2/27/2009