Discovered: May 13, 2006
Updated: May 14, 2006 5:41:43 AM
Also Known As: PE_VIRUT.A [Trend]
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000
W32.Virut.A is a virus that infects executable files and opens a back door on TCP port 65520 by connecting to a predefined IRC server.
The virus creates an event named VT_3 so that only one copy of the threat runs on the compromised computer.
It will infect any accessed .exe or .scr file by appending itself to the executable. However it will not infect files starting with one of the following strings:
WC32
WCUN
WINC
The virus opens a back door on TCP port 65520 by connecting to the Proxima.ircgalaxy.pl IRC server on channel &virtu using a random nick name.
The back door allows an attacker to download files onto the compromised computer.
Writeup By: Mircea Ciubotariu
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine