new virus ?

Discussion in 'malware problems & news' started by gery, Feb 23, 2009.

Thread Status:
Not open for further replies.
  1. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    1,785
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    According to the article, Virux and its predecessor, Virut, infect in two ways,

    • Social engineering: the article lists infected videos and fake Microsoft updates that arrive by email

    • arriving from the internet (no details are given).
    CA Security mentions infected PDF files:

    http://community.ca.com/blogs/securityadvisor/archive/2009/02/09/infectious-virut-on-the-loose.aspx
    CA Security also did some research on getting the virus from the internet:
    The pages reveal a common technique of using an injected i-frame to send the victim to another site which downloads the virus using IE vulnerabilities, such as

    • MS05-052
    • MS06-057
    • Online Media Technologies NCTsoft NCTAudioFile2 ActiveX Buffer Overflow referred to as CVE-2007-0018.
    • MS06-067
    • MS08-078
    • MS08-041
    The fact that these patched vulnerabilities are still successful is sad. CA states,
    CONCLUSION

    Even though Virut is a sophisticated virus once it installs, its methods of arrival are no different than those of any other malware.

    ----
    rich
     
  4. Jtaylor83

    Jtaylor83 Registered Member

    Joined:
    Jun 26, 2008
    Posts:
    16
    I just got some info from the avast! webforum that Win32:Vitro is another new virus made by the authors of Virut.
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I did a quick search after reading your post and found this long forum thread. http://forum.avast.com/index.php?topic=42709.0

    Sounds really nasty after only reading the first page. It looks like a rebuild is the best solution.

    Rmus,

    In the link you posted, the first comment mentioned this thing surviving partition deletion and creation. I also know somebody asking if this thing infects the MBR. Have you heard anything about this, or do you think people are just re-infecting themselves from other media?

    Thanks,
    innerpeace
     
    Last edited: Mar 3, 2009
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello, innerpeace,

    Sorry, I haven't followed up on that. This exploit seems easy enough to prevent that any further consideration didn't seem necessary.

    EDIT: I decided to ask a friend who follows MBR stuff - she's interested because Deep Freeze protects the MBR. She has seen conflicting reports as to the current Virut, but says that as far back as 2007 it supposedly infected MBR. She has these links:

    Win 32: Virut And Anticmos attacked my Win XP Professional
    http://forums.techguy.org/malware-removal-hijackthis-logs/661479-win-32-virut-anticmos-attacked.html

    Formatted because of Virut. Now MBR is messed up.
    http://www.spywareinfoforum.com/lofiversion/index.php/t108935.html

    ----
    rich
     
    Last edited: Mar 3, 2009
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    No problem Rmus. I just thought I would ask if you had heard anything.
     