The malware infects portable executable files, such as .exe and .scr, and is therefore able to spread from machine to machine, according to Microsoft. Each time it propagates, Virut uses polymorphism -- or mutated code -- to evade detection.
Once on a machine, the virus opens a backdoor, connecting with an internet relay chat (IRC) server, which allows a remote attacker to download additional malware onto the computer, Jimmy Kuo, principal architect for the Malware Protection Center, told SCMagazineUS.com.
Typically, with past variants of Virut, users did not know when they were infected.
"However, the additional complexity of this particular variant will likely cause instability in affected systems," Kuo said.
The virus was responsible for shutting down the court system in Houston, Texas this week. About 475 of the city's 16,000 computers were affected by the virus, which first appeared last Wednesday and was identified Sunday, Frank Michel, a mayor's spokesman, told SCMagazineUS.com.
"It was a new variant, so the protection companies hadn't created their patches yet," Michel said.
So far this week, the city has suspended court hearings but hopes to resume them on Thursday, he said.
"All of those 475 [infected machines] were isolated and are now being scrubbed," Michel said. "In some cases, they're rebuilding servers."
Updated anti-virus may not always be enough to rectify the virus. According to Microsoft, Virut can destroy certain files beyond repair, meaning companies may be required to install a clean version of the operating system to return a machine to a safe state.
See original article on scmagazineus.com
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
