Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Downloader.Win32.VB.JL (includes Parite and Adware attacks)

  Kaspersky documents a new combined risk of a downloader, adware agent, and file infector all combined into a single attack.  It's important to be careful with email and URLs or attachments that might be in untrusted messages. 

Downloader.Win32.VB.JL + Parite File Infector
http://www.viruslist.com/en/weblog?calendar=2005-07

QUOTE:  A few days ago we got another Trojan-Dropper. When we analyzed it, we found out that it installs 4 files to the system. Nothing out of the ordinary for a dropper. But then we discovered that while one of the files it drops is detected as Trojan-Downloader.Win32.VB.jl, our scanner told us that the other three are infected with Virus.Win32.Parite.b

What's all this about? Someone is trying to spread Parite? We've known about this virus for a number of years, and it's still one of the most widespread classic file viruses found in the wild. But we haven't seen it being deliberately spread for a long time.

The answer was simple, and unexpected. When we cleaned the virus from the infected files, we discovered that underneath the Parite infection, the files were infected with three other Trojan-Downloaders - WinAD.c, IstBar.is and Small.aqt, which Kaspersky Anti-Virus has detected for a long time.

All of these programs are designed to download adware onto the victim machine. So it seems likely that whoever created the original dropper didn't know that the machine he used was infected with Parite. On the other hand, it could just be another attempt on the part of virus writers to prevent their creations being detected by dedicated anti-adware and anti-spyware solutions, which can't detect standard file viruses.

Comments

MattM said:

This seems to have been popping again. ePO/V8.5 are stopping it.

# April 7, 2008 8:44 AM