Came across this reading and it was something I thought to share here, and probably some of you already know this: http://blog.trendmicro.com/virux-cases-escalate/
You will find more information looking for Virut. I personally like this article: http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html And for a more technical explanation (way over my head): http://www.teamfurry.com/wordpress/2007/02/15/under-the-hood-virut/
According to the article, Virux and its predecessor, Virut, infect in two ways:
- Social engineering: the article lists infected videos and fake Microsoft updates that arrive by email
- Arriving from the internet (no details are given).
CA Security mentions infected PDF files: http://community.ca.com/blogs/securityadvisor/archive/2009/02/09/infectious-virut-on-the-loose.aspx
CA Security also did some research on getting the virus from the internet:
The pages reveal a common technique of using an injected i-frame to send the victim to another site which downloads the virus using IE vulnerabilities, such as
- MS05-052
- MS06-057
- Online Media Technologies NCTsoft NCTAudioFile2 ActiveX Buffer Overflow referred to as CVE-2007-0018.
- MS06-067
- MS08-078
- MS08-041
The fact that these patched vulnerabilities are still successful is sad.
CA states,
CONCLUSION
Even though Virut is a sophisticated virus once it installs, its methods of arrival are no different than those of any other malware.
---- rich
I just got some info from the avast! webforum that Win32:Vitro is another new virus made by the authors of Virut.
I did a quick search after reading your post and found this long forum thread. http://forum.avast.com/index.php?topic=42709.0
Sounds really nasty after only reading the first page. It looks like a rebuild is the best solution.
Rmus, in the link you posted, the first comment mentioned this thing surviving partition deletion and creation. I also know somebody asking if this thing infects the MBR. Have you heard anything about this, or do you think people are just re-infecting themselves from other media?
Thanks, innerpeace
Hello, innerpeace,
Sorry, I haven't followed up on that. This exploit seems easy enough to prevent, that any further consideration didn't seem necessary.
EDIT: I decided to ask a friend who follows MBR stuff - she's interested because Deep Freeze protects the MBR. She has seen conflicting reports as to the current Virut, but says that as far back as 2007 it supposedly infected MBR. She has these links:
Win 32: Virut And Anticmos attacked my Win XP Professional
http://forums.techguy.org/malware-removal-hijackthis-logs/661479-win-32-virut-anticmos-attacked.html
Formatted because of Virut. Now MBR is messed up.
http://www.spywareinfoforum.com/lofiversion/index.php/t108935.html
---- rich