W32.SafeSys.Worm

Discussion in 'Prevx Releases' started by Dark Star 72, Jul 17, 2009.

Thread Status:
Not open for further replies.
  1. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    703
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm unfamiliar with this threat but I've PM'd "developers" to see if I can get my hands on any additional information.

    This isn't the first infection to do this, however - the most recent MBR rootkit bypasses every disk protection program we could find as well.
     
  3. Dark Star 72

    Thanks for the reply, Joe. Could you keep us informed please? I'm sure this is of concern to many of us.
     
  4. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Does this worm only aim at Windows 32 systems? It seems that it can't run on Windows 7.
     
  5. PrevxHelp

    We checked a sample from the original poster and we have been blocking this threat since March (why VT says we don't detect it I have no idea...).

    It is indeed an interesting infection and uses a different technique from what we've found and what we've seen before. Let the arms race continue! :)
     
  6. PrevxHelp

    It should work fine on 32-bit versions of Windows 7 - I haven't tested it on x64, but the technique which they're using to write under the filters can work fine on x64 as well, so if it doesn't work on x64, it is probably just a superficial issue.
     