Updates on Virut variant: Virus:Win32/Virut.BB on Fri Oct 02, 2009 3:26 am
Virus:Win32/Virut.BB is a polymorphic virus that infects files with the EXE or SCR file extension. It may open a backdoor connection, allowing a remote attacker to download and run files on the infected computer.
Spreads Via...
File infection
Win32/Virut.BB disables Windows System File Protection (SFP) by injecting code into 'winlogon.exe'. The injected code modifies 'sfc_os.dll' in memory, which in turn allows the virus to infect files protected by SFP.
Virus:Win32/Virut.BB is an appending virus that writes its code in the last sections of EXE and SCR files. Unlike some variants of Virut, which hide the virus entry point, Win32/Virut.BB modifies the entry point of the file to point to the virus code. The virus body is polymorphic and XOR-encrypted using a word key that changes at every iteration of its decryption loop.
Read more on this variant: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fVirut.BB
..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner
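
The entry-point change described in the post above (the file's entry point redirected into code appended to the last section) is visible in the PE headers. As an added example, not part of the original post or of Microsoft's write-up, this Python check parses the headers and flags that layout; the function names and the two sample header images are constructed for illustration.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def parse_pe(data):
    """Return (entry_point_rva, [(name, rva, size, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    opt = pe_off + 24                                          # optional header
    (entry,) = struct.unpack_from("<I", data, opt + 16)        # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        name, vsize, rva, raw = struct.unpack_from("<8sIII", data, off)
        (flags,) = struct.unpack_from("<I", data, off + 36)    # Characteristics
        sections.append((name.rstrip(b"\0").decode("latin-1"), rva, max(vsize, raw), flags))
    return entry, sections

def entry_point_findings(data):
    """Flag an entry point that lies in the last section of a multi-section file."""
    entry, sections = parse_pe(data)
    if len(sections) < 2:          # single-section images always start there
        return []
    name, rva, size, flags = max(sections, key=lambda s: s[1])
    if not rva <= entry < rva + size:
        return []
    findings = ["entry point 0x%X is inside last section %r" % (entry, name)]
    if flags & MEM_EXECUTE and flags & MEM_WRITE:
        findings.append("last section is both writable and executable")
    return findings

def build_sample(entry, sections):
    """Constructed PE32 headers only (no code), for exercising the check."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8sIIII12xI", n, size, rva, size, 0, fl)
                     for n, rva, size, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table

BASE = [(b".text", 0x1000, 0x2000, 0x60000020), (b".data", 0x3000, 0x1000, 0xC0000040)]
CLEAN = build_sample(0x1000, BASE + [(b".rsrc", 0x4000, 0x1000, 0x40000040)])
SUSPECT = build_sample(0x4800, BASE + [(b".rsrc", 0x4000, 0x1000, 0xE0000060)])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, entry_point_findings(image) or "no findings")
```

Packed or protected executables can show the same header layout, so a hit is a triage signal for a closer look rather than a verdict.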







