Amidst spammed Trojan downloaders, there are still file-infecting viruses circulating in the wild. Just recently, we’ve received malicious files that are actually infected samples of a new virus. When executed, the virus drops its DLL component file, which it injects into running process in order to achieve memory residency. The virus infects EXE and DLL files in the affected system and as an additional propagation vector, it also may arrive through dropped files in network shares. Furthermore, the virus is capable of downloading 3 malicious programs: 3.EXE, 4AND1.EXE, and AD003.EXE. These downloaded files are detected by Trend Micro as TROJ_AGENT.DWY, TSPY_DELF.CIL, and TSPY_LINEAGE.ATH, respectively. Removal of this malware is difficult as the virus also has rootkit capabilities, which allows it to hide its files and processes from an affected user.
Trend detects this malware threat as PE_VBAC.A. It is detected using pattern 3.717.00続きを読む