Win32.Murofet: what day is today?

Discussion in 'malware problems & news' started by Dermot7, Oct 10, 2010.

Thread Status:
Not open for further replies.
  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    " Murofet is able to infect executable files by injecting about 2000 bytes of its code at the end of the PE executable section; then the OEP is hijacked to the virus body.

    This small viral code acts as a downloader, used by Murofet to drop on the system its main binary. When the infected file is run, the injected code imports some APIs used by the malware to create a new viral thread and then allows the original infected application to run."

    Looks sophisticated? Thought some might like to see, from Prevx blog:

    http://www.prevx.com/blog/158/WinMurofet-what-day-is-today.html
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Thanks for the link etc :thumb:
     
Loading...
Thread Status:
Not open for further replies.