Saturday, 20 August 2011

Polymorphic File Infectors

I was reading this article today on Securelist about a new virus Kaspersky picked up called Virus.Win32.Xpaj.gen. It's a polymorphic file infector.

What are they and what makes them dangerous?

Essentially a polymorphic file infector injects malicious code into every .exe file on a machine and damages them beyond repair. This new virus works the same way as Win32.Sality virus, it spreads via USB so no doubt if this new infection starts to spread bigtime, it will cause mayhem on computers. Luckily the other infections that use this file infecting techniques aren't seen often so lets hope we only see a minimum of this new infection.

What can be done

As expected with malware nowadays, this one also comes with backdoor capabilities, and sadly with polymorphic file infectors there is nothing that can be done, the damage caused to a machine is too severe, and as I've seen with other infections like this, like the Rammit & Virut families, there is nothing that can be done to combat it.

The one warning I can give is the word of warning people to switch off autorun in Windows (even though Windows Updates now does this) to prevent infected USB hardware infecting your machines. Even though this update from Windows should of reached the majority of users by now, I still see lots of machine with autrun switched on, my old college machines for example.

The only way out is to fully format the WITHOUT backing anything up as backed up files are likely to be infected as well.

Here is another article about Sality & Virut by another amazing member of the security community meikimoes, worth reading.

No comments:

Post a Comment