Several variants from PE_VIRUT family are running amok. The very first PE_VIRUT was detected May last year. As of yesterday, four variants were reported to be in the wild with infection reports coming in from six different countries.
The new variants are not very different from the first PE_VIRUT. One and all target files with extensions .EXE and .SCR. All have backdoor capabilities. All variants are also capable of using different infection techniques that can either be appending, cavity, overwriting, or EPO (entry point obscuring).
Share this article