PE_FUJACKS.EA
Overview

Malware type: File infector

Aliases: Worm.Win32.Fujack.aa (Kaspersky), W32/Fujacks.s (McAfee), W32.Fujacks.E (Symantec), TR/Proxy.Delf.CA (Avira), W32/Fujacks-AL (Sophos), Virus:Win32/Viking.JB (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

File infectors survive in the changing threat environment by adapting to it. PE_FUJACKS, a young family of file infectors discovered in the last quarter of 2006, exemplifies this. It has taken on the traits that characterize the prevailing threat landscape: multi-component, sequential, focused, Web-based, and profit-driven. A comprehensive article detailing PE_FUJACKS's routines and goals is available: PE_FUJACKS: Jacking Up to the Times.

This is the Trend Micro detection for files infected by PE_FUJACKS.EA-O. It may arrive on a system as a file downloaded by unsuspecting users while visiting Web sites.

Upon execution, it saves and executes a clean copy of its host file in the same folder using the same file name with another EXE file name extension. For example, if the infected file is EXCEL.EXE, it drops a clean copy as EXCEL.EXE.EXE. The infected file then becomes a mother file, which Trend Micro detects as PE_FUJACKS.EA-O.

This file infector creates a batch file in the Windows Temp folder to delete the mother file and rename the host file to its original file name. However, in some instances, the batch file is not created and the host files and clean copies are left as is.
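The leftover state described above, where the cleanup batch file never runs and a NAME.EXE.EXE copy stays beside the infected NAME.EXE, can be looked for on disk. The following triage sketch is an added example, not Trend Micro code; the function names and status labels are assumptions, and a match is only a lead for scanning both files, not a detection.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_leftover_pairs(root):
    """Return one record per *.EXE.EXE file found under root."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so index them in lower case.
        by_lower = {name.lower(): name for name in files}
        for lower, name in sorted(by_lower.items()):
            if not lower.endswith(".exe.exe"):
                continue
            # Strip the extra ".exe" to get the name the mother file would carry.
            mother = by_lower.get(lower[:-4])
            findings.append({
                "folder": folder,
                "clean_copy": name,
                "mother_file": mother,
                "clean_copy_sha256": sha256_of(os.path.join(folder, name)),
                # Assumed labels: both files present, or only the double-extension file.
                "status": "pair-left-behind" if mother else "orphan-double-extension",
            })
    return findings


if __name__ == "__main__":
    # Constructed sample tree (harmless placeholder bytes, not real executables).
    with tempfile.TemporaryDirectory() as root:
        for name in ("EXCEL.EXE", "EXCEL.EXE.EXE", "readme.txt"):
            with open(os.path.join(root, name), "wb") as out:
                out.write(b"constructed sample: " + name.encode())
        for item in find_leftover_pairs(root):
            print(item["status"], item["clean_copy"], item["mother_file"])
```

Files flagged as `pair-left-behind` match the EXCEL.EXE / EXCEL.EXE.EXE layout in the description; legitimate software occasionally ships double-extension names, so confirm with an anti-malware scan before acting.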


Description created: Feb. 5, 2007 11:04:52 PM GMT -0800
