virut


Just happened to review our signature against Virut-infected Web pages, and I would say the infection is still very active. W32/Virut.CE is known to infect Web pages (HTML, ASP, and PHP) by injecting a malicious iframe that redirects visiting users to Web sites serving malicious PDF and SWF files carrying different kinds of exploits. However, Virut is not the only agent of this iframe injection. Just minutes ago, I searched for a couple of infected Web sites specific to this injection compromise, and here's a good example. Figure 1 shows...
by Rex Plantado  |  Sep 01, 2009  |  Filed in: Security Research
Last week, an online user reported to us that he could not access some AV websites while he had no problem with Google.com and Yahoo.com. He also added that he thought his computer might be infected with the notorious Virut malware. Hmm... wait a minute, Virut doesn't include web site blocking capability as Conficker.C did a couple of months ago. So we immediately asked for a couple of samples to verify his intuition. Not surprisingly, it's indeed a slightly modified version of W32/Virut.CE. I wasn't surprised because this...
by Rex Plantado  |  Jul 29, 2009  |  Filed in: Security Research
Tags: virut
Many threat trends have continued as we head into August 2009. I have highlighted notable items below from our July 2009 Threat Landscape report, which can be found on Fortinet's FortiGuard Center. Mobile threat development continues: in July we saw the emergence of SymbOS/Yxes.E and SymbOS/Yxes.F, the latest updated variants of Yxes, which we first reported on in February. For further details, check out this blog post, which is well worth the read: in particular, Yxes serving up dynamic content via JSP indeed shows the beginning steps as to how cyber...
by Derek Manky  |  Jul 27, 2009  |  Filed in: Security Research
With modern threats moving to multiple attack vectors, end users and clients need to be extra cautious. Malicious links are coming fast and furious through layered attacks - bundled up in obfuscated JavaScript, or on your favorite social networking site. The core of these attacks is quite primitive and, in fact, in most cases nearly identical, with the end goal of installing a malicious payload on a target. Ultimately, the front end of these attacks has moved up higher into the application layer, riding on complex services, while the back end (core)...
by Derek Manky  |  Jul 08, 2009  |  Filed in: Security Research
Our April 2009 Threat Landscape Report is now available, recapping a month of threat activity from exploits and malware to spam. Here are some key movements from the report along with comments: Waledac is one of the most active malware families to be on the lookout for. This period, we saw a fifth campaign hit since the beginning of this year, serving up malicious variants disguised as SMS spying software. With frequent campaigns, heavy server-side polymorphism, binaries packed with fluctuating seed lists (portions of its network), and peer-to...
by Derek Manky  |  Apr 28, 2009  |  Filed in: Security Research
Our March 2009 Threat Landscape Report is now available, recapping a month of threat activity from exploits and malware to spam. Here are some key movements from the report along with comments: After a year-long battle, W32/Virut.A finally lands in the top spot, surpassing Netsky. This parasitic file infector proves to be quite virulent, and has generated enough activity to land in our malware top 10 for twelve solid months. On top of infecting multiple local files on a PC, the virus can spread through file shares and/or removable media such as USB...
by Derek Manky  |  Mar 27, 2009  |  Filed in: Security Research
Back in 2004, several mass-mailing worms spread in unprecedented fashion: MyDoom, Bagle, and Netsky. Netsky had instructions to remove MyDoom and Bagle, leaving this message in one of its variants: "We are the skynet--you can't hide yourself...
by Derek Manky  |  Mar 16, 2009  |  Filed in: Security Research