New Windows virus attacks PHP, HTML, and ASP scripts

Discussion in 'Computer Security' started by ~BD~, Feb 12, 2009.

  1. ~BD~

    ~BD~ Guest

    Researchers have identified a new strain of malware that can spread rapidly
    from machine to machine using a variety of infection techniques, including
    the poisoning of webservers, which then go on to contaminate visitors.

    The malware is a variation of a rapidly mutating virus alternately known as
    Virut and Virux. It has long proved adept at injecting itself into
    executable files, which are then able to attack uninfected machines through
    network drives and USB sticks.

    The variant, which Microsoft is calling Virus:Win32/Virus.BM, is also able
    to infect web scripts based on languages such as PHP, ASP, and HTML. Servers
    that become infected include an iframe in webpages that attempt to spread
    malware to visitors.

    "This catapults the possibility of spreading even farther," Trend Micro
    researchers warn. "If the script files happen to be uploaded to a publicly
    accessible website, any visitor to the affected sites will be led to the URL
    embedded in the iframe code."

    The iframe surreptitiously directs visitors to (don't visit it
    unless you're a security professional), which attempts to exploit a variety
    of vulnerabilities based on the browser and other applications the user has
    installed, Microsoft researchers say. Once installed, the virus injects its
    code into various system processes such as explorer.exe and winlogon.exe and
    hooks low-level Windows APIs to ensure it stays in memory.

    The virus has also picked up some new polymorphic tricks designed to make it
    harder for anti-virus programs to detect. Among other things, it uses more
    than one layer of encryption, allowing its binary fingerprint to change but
    to preserve its malicious payload.

    Infected machines will have an IRC backdoor installed that tries to connect
    to several servers using port 80. ®
    ~BD~, Feb 12, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.