File Infector Takes Infection Up a Notch


Post by Spudz » Wed Oct 07, 2009 7:54 am

File Infector Takes Infection Up a Notch
1:17 am (UTC-7) | by Det Caraig (Technical Communications)

Trend Micro threat analysts were alerted to the discovery of a not-so-common file infector. Unlike usual file infectors that only do simple modifications to the files they infect, PE_XPAJ.A does complex modifications to hide its malicious code.

Though it shares some characteristics with other PE variants, it is considered more than the average file infector. For instance, it makes it harder for security experts to find its malicious code by ensuring that affected files do not exhibit any obvious sign of infection.

The file infector infects .DLL, .EXE, .SCR, and .SYS files in the following folders:

* %Program Files%
* %Windows%

It uses a polymorphic, entry-point obscuring (EPO), cavity type of infection, which is capable of moving some of the host file’s code to another location. The malware encrypts its signature in a different way every time it executes, as well as the instructions for carrying out the encryption. It hides its entry point in order to avoid detection. Instead of taking control and carrying out its actions as soon as an application is used or run, it allows the application to work correctly for a while before taking action.

Read more: http://blog.trendmicro.com/file-infecto ... z0TGIxzH9v


http://blog.trendmicro.com/file-infecto ... p-a-notch/