Thursday, March 22, 2012

CPE: McAfee AudioParasitic: Episode 16: W32/Virut family Parasitic

length:  00:21:42

In the last couple of weeks/months: an increase in the Virut family

Bot: classified as a worm
Trojan: has its own entity
Parasitic infector: goes out to append or prepend to an existing file on the target victim host

Basically, a parasitic infector will infect an existing file, as opposed to dropping/loading, which is the behavior of a bot or Trojan.

We really have not seen these parasitic infectors for a while; interestingly, they are coming back.
The difficulty of repair is probably the most interesting part to write…
- People do not realize how destructive parasitic infectors are
- It can take a day, a week, or months of man time to clean
- Also, most of the time the virus is not properly QA'd; as a result, cleaning leaves a lot of corrupted files
Parasitic infectors are really destructive pieces of code by nature.
It is also polymorphic
and has IRC functionality; the Virut family is common
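
An added example (not from the episode or from McAfee) of why repair is hard: given only the size and SHA-256 recorded for a known-good file, it checks whether the original bytes survive intact at the head (something was appended) or the tail (something was prepended) of the changed file, or whether the file has to be restored from backup. The baseline format, the verdict names and the sample bytes are assumptions made for illustration; real infectors may also alter bytes inside the host file, which lands in the "altered" verdicts.

```python
import hashlib
from typing import NamedTuple, Optional, Tuple

class Baseline(NamedTuple):
    size: int     # length of the known-good file in bytes
    sha256: str   # hex digest of the known-good file

def make_baseline(data: bytes) -> Baseline:
    return Baseline(len(data), hashlib.sha256(data).hexdigest())

def _is_original(chunk: bytes, base: Baseline) -> bool:
    return hashlib.sha256(chunk).hexdigest() == base.sha256

def classify(current: bytes, base: Baseline) -> Tuple[str, Optional[bytes]]:
    """Return (verdict, recovered original bytes or None if not recoverable)."""
    if len(current) < base.size:
        return "truncated", None
    if len(current) == base.size:
        ok = _is_original(current, base)
        return ("clean", current) if ok else ("modified-in-place", None)
    head, tail = current[:base.size], current[len(current) - base.size:]
    if _is_original(head, base):      # original intact, extra bytes after it
        return "appended", head
    if _is_original(tail, base):      # original intact, extra bytes before it
        return "prepended", tail
    return "grown-and-altered", None  # original bytes damaged: restore from backup

# Constructed sample data: placeholder bytes, not a real executable or real malware.
ORIGINAL = b"HOST-FILE-" + bytes(range(64))
EXTRA = b"<foreign-bytes>"
SAMPLES = {
    "a.bin": ORIGINAL,
    "b.bin": ORIGINAL + EXTRA,
    "c.bin": EXTRA + ORIGINAL,
    "d.bin": ORIGINAL[:30] + b"\xff" + ORIGINAL[31:] + EXTRA,
    "e.bin": ORIGINAL[:40],
}

def triage(samples: dict, base: Baseline) -> dict:
    """Map each file name to its verdict against one shared baseline."""
    return {name: classify(data, base)[0] for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES, make_baseline(ORIGINAL)).items():
        print(f"{name}: {verdict}")
```

Only the "appended" and "prepended" verdicts return bytes that hash back to the baseline; every other changed file is a corrupted-file case of the kind the notes describe.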

The main ways of infection:
- Unsafe browsing
- Getting into the network together with another part of a download

