New Malware 'Virux' Spreading Rampant in US
A new strain of malware that spreads rapidly from machine to machine using a variety of infection techniques, including poisoning web servers that then go on to contaminate visitors, has reportedly been identified by security researchers. (Source: theregister.co.uk)
The malware, dubbed VIRUX by security researchers at Trend Micro, is spreading around the globe, but seems to be propagating faster in the U.S. than anywhere else. (Source: trendmicro.com)
VIRUX appears to be more complex than its cousin VIRUT and has the ability to circumvent Microsoft's Windows Firewall security software. (Source: eweek.com)
Infector Chooses Multiple Infection Styles
The malware chooses any of the following infection styles:
- Cavity: like a tooth cavity, the virus inserts its code into available spaces within the normal file
- Appending: the virus inserts its code after the normal file's code
- Prepending: the virus inserts its code before the normal file's code
- Entry-point: a complex infection technique used to evade immediate detection
Stunned by its effectiveness, a TrendLabs researcher recently wrote, "VIRUX hunts down target files and infects them using more than one infection technique and sometimes more than one encryption routine." (Source: trendmicro.com)
VIRUX infects both .EXE and .SCR files, turning them into variants of VIRUX themselves. Once infected, the PC connects to IRC (Internet Relay Chat) servers, where it joins a channel to receive commands that are then executed on the affected PC.
VIRUX Also Infects Script Files
Apart from the routine mentioned above, what sets VIRUX apart from VIRUT is that it also infects script files. For .PHP, .ASP and .HTML files, VIRUX inserts malicious IFrame code which is automatically loaded when the script files are opened.
If the script files happen to be uploaded to a publicly accessible website, any visitor to the affected site will be led to the malicious URL embedded in the IFrame code, which automatically downloads other malicious files to the visitor's PC.
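A webmaster can check pages before upload for IFrames that point at hosts the site does not normally embed. The scan below is an added example, not code from the article or from any vendor it cites; the allow-list of expected hosts, the function names and the sample page are assumptions made for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

SCRIPT_EXTS = {".php", ".asp", ".html", ".htm"}  # file types named in the article
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)
SRC_ATTR = re.compile(r"""(?<![\w-])src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)

def iframe_sources(text):
    """Return the src value of every <iframe> opening tag ('' when it has none)."""
    sources = []
    for tag in IFRAME_TAG.findall(text):
        m = SRC_ATTR.search(tag)
        sources.append(next((g for g in m.groups() if g is not None), "") if m else "")
    return sources

def unexpected_iframes(text, allowed_hosts):
    """Return iframe URLs whose host is not allow-listed; relative URLs are same-site."""
    hits = []
    for src in iframe_sources(text):
        try:
            host = (urlparse(src.strip()).hostname or "").lower()
        except ValueError:  # malformed URL: report it rather than skip it
            hits.append(src)
            continue
        if host and host not in allowed_hosts:
            hits.append(src)
    return hits

def scan_tree(root, allowed_hosts):
    """Map each script file under root to the unexpected iframe URLs it contains."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCRIPT_EXTS:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = unexpected_iframes(text, allowed_hosts)
            if hits:
                findings[str(path)] = hits
    return findings

# Constructed sample: one expected embed, one iframe added after the page body.
SAMPLE_PAGE = (
    '<html><body><iframe src="https://maps.example.com/embed"></iframe></body></html>\n'
    '<iframe src="http://injected.invalid/x" width=1 height=1></iframe>'
)

if __name__ == "__main__":
    print(unexpected_iframes(SAMPLE_PAGE, {"maps.example.com"}))
```

Any hit is a lead for review rather than proof of infection, since a legitimate embed that is missing from the allow-list is reported the same way.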
A thorough breakdown of how the virulent virus has changed has been written by Websense researcher Nicolas Brulez, who concludes:
"Many aspects of the Virut virus have changed, making newer variants much more effective. The fact that it infects running processes makes it very virulent. If you move a file that matches the requirements in the infected code onto an infected machine, it is instantly infected. The virus also uses the SFC (System File Checker) functions to make sure Windows won't pop up an error message if a Windows file is infected. The fact that it infects Web pages makes it even more virulent, as Webmasters could and probably do upload infected HTM/ASP/PHP pages, leading to various exploits that target their visitors." (Source: websense.com)
Microsoft researchers say that once a system is infected, the virus injects its code into various system processes such as explorer.exe and winlogon.exe and hooks low-level Windows APIs (Application Programming Interfaces) to ensure that it stays in memory. Information regarding Win32/Virut as well as prevention tips are available from Microsoft. (Source: microsoft.com)
Perhaps the safest advice is also the simplest: avoid those sites you don't trust 100%.