Versatile and infectious: Win64/Expiro is a cross-platform file infector
(Publication) Google search: [1]
Versatile and infectious: Win64/Expiro is a cross-platform file infector | |
---|---|
Botnet | Expiro |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2013 / 2013-07-30 |
Editor/Conference | ESET |
Link | http://www.welivesecurity.com/2013/07/30/versatile-and-infectious-win64expiro-is-a-cross-platform-file-infector/ (Archive copy) |
Author | Artem I. Baranov |
Type | Blogpost |
Abstract
“ Recently, our anti-virus laboratory discovered an interesting new modification of a file virus known as Expiro which targets 64-bit files for infection. File-infecting viruses are well known and have been studied comprehensively over the years, but malicious code of this type almost invariably aimed to modify 32-bit files. One such family of file viruses, called Expiro (Xpiro), was discovered a long time ago and it’s not surprising to see it today. However, the body of this versatile new modification is surprising because it’s fully cross-platform, able to infect 32-bit and 64-bit files (also, 64-bit files can be infected by an infected 32-bit file). According to our naming system the virus is called Win64/Expiro.A (aka W64.Xpiro or W64/Expiro-A). In the case of infected 32-bit files, this modification is detected as Win32/Expiro.NBF.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1359, editor = {ESET}, author = {Artem I. Baranov}, title = {Versatile and infectious: Win64/Expiro is a cross-platform file infector}, date = {30}, month = Jul, year = {2013}, howpublished = {\url{http://www.welivesecurity.com/2013/07/30/versatile-and-infectious-win64expiro-is-a-cross-platform-file-infector/}}, }