PE_VIRUT.A |
|
| BugsAlert Home > PE_VIRUT.A | |
|
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview This file infector spreads by infecting running processes that use .EXE and .SCR extensions. It checks whether the target processes are files that are of portable executable (PE) format. It then appends its code to infect target processes. It avoids processes and files with certain strings in their file names. In addition, this file infector has backdoor capabilities. It opens port 65520 and connects to a specific Internet Relay Chat (IRC) server. Once connected, it assigns itself a specific nick and allows a remote user to download files into the affected system. This routine effectively compromises the affected system's security. Original Source: http://feeds.trendmicro.com/~r/MalwareTop10/~3/200013019/default5.asp Learn more about PE_VIRUT.A |
|
| Tags: virut.a | |
Related Items |
|
|
Spam Buys Tickets to Euro 2008
|
|
|
CVE-2008-1199 (Dovecot)
|
|
|
FrSIRT - Macrovision InstallShield One-Click Install ActiveX Vulnerability
|
|
|
MS07-040 - Critical: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) - Version:1.3
|
|
|
Brief: Adobe releases critical Flash update
|
|
|
CVE-2008-1849 (joomlaexplorer)
|
|
|
FrSIRT - Titan FTP Server "User" and "Pass" Commands Buffer Overflow Issues
|
|
