Results for virus

Threat Research

Virut iframe injection spree continues

Just happened to review our signature against Virut-infected Web pages, and I would say the infection is still very active to this day. W32/Virut.CE is known to infect Web pages (HTML, ASP, and PHP) by injecting a malicious iframe that redirects visiting users to Web sites serving malicious PDF and SWF files with different kinds of exploits. However, Virut is not the only agent of this iframe injection. Just minutes ago, I searched a couple of infected Web sites specific to this injection compromise, and here's a good example. Figure 1 shows...

By Rex Plantado, September 01, 2009

Threat Research

New Virut Strain Blocks AV/Security Web sites

Last week, an online user reported to us that he cannot access some AV websites while he doesn't have a problem with Google.com and Yahoo.com. He also added that he thinks his computer might be infected with the notorious Virut malware. Hmm... wait a minute, Virut doesn't include web site blocking capability like Conficker.C did a couple of months ago. So we asked for a couple of samples immediately so we could verify his intuition. Not surprisingly, it's indeed a slightly modified version of W32/Virut.CE. I wasn't surprised because this...

By Rex Plantado, July 29, 2009

Threat Research

July 2009 Threat Landscape: Active zero-days, Yxes upgrades, Web threats continue to grow

Many threat trends have continued as we head into August 2009. I have highlighted notable items below from our July 2009 Threat Landscape report, which can be found on Fortinet's FortiGuard Center. Mobile threat development continues: In July we saw the emergence of SymbOS/Yxes.E and SymbOS/Yxes.F, the latest updated variants of Yxes that we first reported on in February. For further details, check out this blog post that is well worth the read: in particular, Yxes' served up dynamic content via JSP indeed shows the beginning steps as to how cyber...

By Derek Manky, July 27, 2009

Threat Research

Spawning grounds

With modern threats moving to multiple attack vectors, end users and clients need to be extra cautious. Malicious links are coming fast and furious through layered attacks - bundled up in obfuscated JavaScript, or on your favorite social networking site. The core of these attacks is quite primitive, and in fact, in most cases nearly identical, with the end goal of installing a malicious payload on a target. Ultimately, the front end of these attacks has moved up higher into the application layer, riding on complex services while the back end (core)...

By Derek Manky, July 08, 2009

Threat Research

April Threat Landscape Report: Waledac, Online Gaming and Virut

Our April 2009 Threat Landscape Report is now available, recapping a month of threat activity from exploits and malware to spam. Here are some key movements from the report along with comments: Waledac is one of the most active malware families to be on the lookout for. This period, we saw a fifth campaign hit since the beginning of this year, serving up malicious variants disguised as SMS spying software. With frequent campaigns, heavy server-side polymorphism, binaries packed with fluctuating seed lists (portions of its network), and peer to...

By Derek Manky, April 28, 2009

Threat Research

March Threat Landscape Report: Virut, Conficker and social engineering

Our March 2009 Threat Landscape Report is now available, recapping a month of threat activity from exploits and malware to spam. Here are some key movements from the report along with comments: After a year-long battle, W32/Virut.A finally lands in the top spot - surpassing Netsky. This parasitic file infector proves to be quite virulent, and has generated enough activity to land in our malware top 10 for twelve solid months. On top of infecting multiple local files on a PC, the virus can spread through file shares and/or removable media such as USB...

By Derek Manky, March 27, 2009

Threat Research

Virut infecting worms, hitching a ride

Back in 2004, several mass mailing worms spread in unprecedented fashion: MyDoom, Bagle, and Netsky. Netsky had instructions to remove MyDoom and Bagle, leaving this message in one of its variants: "We are the skynet--you can't hide yourself

By Derek Manky, March 16, 2009