New Malware 'Virux' Spreading Rampant in US
A new strain of malware that spreads rapidly from machine to machine using a variety of infection techniques, including poisoning web servers that then go on to contaminate their visitors, has reportedly been identified by security researchers. (Source: theregister.co.uk)
The malware, dubbed VIRUX by security researchers at Trend Micro, is spreading around the globe, but seems to be propagating faster in the U.S. than anywhere else. (Source: trendmicro.com)
VIRUX appears to be more complex than its cousin VIRUT and has the ability to circumvent Microsoft's Windows Firewall security software. (Source: eweek.com)
Infector Chooses Multiple Infection Styles
The malware can use any of the following infection styles:
- Cavity: like a tooth cavity, the virus inserts its code into available spaces within the normal file
- Appending: the virus inserts its code after the normal file's code
- Prepending: the virus inserts its code before the normal file's code
- Entry-point: a complex infection technique used to evade immediate detection
Stunned by its effectiveness, a TrendLabs researcher recently wrote, "VIRUX hunts down target files and infects them using more than one infection technique and sometimes more than one encryption routine." (Source: trendmicro.com)
VIRUX can and will infect both .EXE and .SCR files, turning them into variants of VIRUX themselves. Once infected, the PC connects to IRC (Internet Relay Chat) servers, where it joins a channel to receive commands that are then executed on the affected PC.
VIRUX Also Infects Script Files
Apart from the routine mentioned above, what sets VIRUX apart from VIRUT is that it also infects script files. For .PHP, .ASP and .HTML files, VIRUX inserts malicious IFrame code which is automatically loaded when the script files are opened.
If the script files happen to be uploaded to a publicly accessible website, any visitor to the affected sites will be led to the malicious URL embedded in the IFrame code, which automatically downloads other malicious files to the visitor's PC.
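A check a webmaster could run over a site's files before uploading them, given here as an added example that is not from the article or its sources: it lists IFrames in .PHP, .ASP and .HTML files whose source is a host outside an allow-list. The allow-list, the hidden-frame heuristic and the sample hosts are assumptions; the article does not describe what the injected IFrame looks like.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

SCRIPT_EXTS = {".php", ".asp", ".html", ".htm"}  # script types the article names
TRUSTED_HOSTS = {"www.example.com"}  # assumption: hosts you embed on purpose

class IframeFinder(HTMLParser):
    """Records (line, src, hidden) for every <iframe> start tag seen."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        # Heuristic (assumption): an injected frame is usually made invisible.
        tiny = any(a.get(d, "").strip() in {"0", "1"} for d in ("width", "height"))
        hidden = tiny or "display:none" in style or "visibility:hidden" in style
        self.found.append((self.getpos()[0], a.get("src", ""), hidden))

def suspicious_iframes(text, trusted=TRUSTED_HOSTS):
    """Return iframes whose src points at a host outside the trusted set."""
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    hits = []
    for line, src, hidden in finder.found:
        host = (urlparse(src.strip()).hostname or "").lower()
        if host and host not in trusted:  # relative src has no host: same site
            hits.append({"line": line, "host": host, "hidden": hidden})
    return hits

def scan_tree(root, trusted=TRUSTED_HOSTS):
    """Scan script files under root; returns {path: hits} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTS:
            hits = suspicious_iframes(path.read_text(errors="replace"), trusted)
            if hits:
                report[str(path)] = hits
    return report

# Constructed samples, not taken from a real infection; hosts are placeholders.
CLEAN = '<body><iframe src="https://www.example.com/map" width="600"></iframe></body>'
TAMPERED = ('<?php include "header.php"; ?>\n<html><body>\n<p>Welcome</p>\n<iframe '
            'src="http://injected.invalid/x" width="1" height="1"></iframe>\n</body>\n')
```

Run `scan_tree` against a local copy of the site and review every flagged file; a hit with `hidden` set to true on a page you did not edit is the strongest sign of tampering.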
A pretty thorough breakdown of how the virulent virus has changed has been composed by Websense researcher Nicolas Brulez, who concludes:
"Many aspects of the Virut virus have changed, making newer variants much more effective. The fact that it infects running processes makes it very virulent. If you move a file that matches the requirements in the infected code onto an infected machine, it is instantly infected. The virus also uses the SFC (System File Checker) functions to make sure Windows won't pop up an error message if a Windows file is infected. The fact that it infects Web pages makes it even more virulent, as Webmasters could and probably do upload infected HTM/ASP/PHP pages, leading to various exploits that target their visitors." (Source: websense.com)
Microsoft researchers say that once a system is infected, the virus injects its code into various system processes such as explorer.exe and winlogon.exe and hooks low-level Windows APIs (Application Programming Interfaces) to ensure that it stays in memory. Information regarding Win32/Virut as well as prevention tips are available from Microsoft. (Source: microsoft.com)
Perhaps the safest advice is also the simplest: avoid those sites you don't trust 100%.