Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday, 16 February 2010

Alert: Infected Drivers CD?

Here's some news from the ESET Virus Lab in Slovakia. One of our clients encountered an interesting infection within his network.

The problem seemed to originate from the drivers CD that comes with the device he bought, the Habey BIS-6550HD, a fanless Atom-powered system, though we haven't seen the CD itself. Our analysis of the CD image supplied by the customer, which seems to date from July 2009, confirmed that it contains a set of files infected by 2 different viruses:
  1. Win32/Viking.CH
  2. Win32/Xorer.NAJ
Altogether, 25 executables were infected. Furthermore, 15 HTM files were infected (detected by us Win32/Xorer.AW) by the insertion of an IFRAME redirect, originating with infection by the Xorer virus. .

Both of these infiltrations are prepending viruses. Win32/Xorer is also classified as an Autorun worm. Both are described in our virus encyclopaedia, though the descriptions don't refer to the exact same variants: one describes Win32/Viking.AU and the other describes Win32/Xorer.BU.

Read more

No comments: