W32/Virut.fam

Analysis

  • This virus infects running processes by writing the virus code into each target process and creating a remote thread to execute it. It avoids infecting some important system processes:
  • Creates a named event to ensure that only one instance of the virus runs on the compromised computer.
  • Connects to an IRC server to await instructions and commands from a malicious user. These commands can cause the infected machine to download malicious files.

Telemetry

    Detection Availability

    FortiGate
    Extended
    FortiClient
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR

    Version Updates

    Date Version Detail
    2023-05-02 91.02896
    2021-07-27 87.00933
    2020-01-23 74.74100 Sig Updated
    2019-08-27 71.17600 Sig Updated
    2019-05-03 68.25100 Sig Updated
    2019-05-03 68.25000 Sig Updated
    2019-03-13 67.02500 Sig Updated
    2018-10-26 63.71800 Sig Updated
    2018-09-25 62.46700 Sig Updated