Versatile and infectious: Win64/Expiro is a cross-platform file infector
(Publication) Google search: [1]
| Versatile and infectious: Win64/Expiro is a cross-platform file infector | |
|---|---|
| Botnet | Expiro |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-07-30 |
| Editor/Conference | ESET |
| Link | http://www.welivesecurity.com/2013/07/30/versatile-and-infectious-win64expiro-is-a-cross-platform-file-infector/ (Archive copy) |
| Author | Artem I. Baranov |
| Type | Blogpost |
Abstract
“ Recently, our anti-virus laboratory discovered an interesting new modification of a file virus known as Expiro which targets 64-bit files for infection. File-infecting viruses are well known and have been studied comprehensively over the years, but malicious code of this type almost invariably aimed to modify 32-bit files. One such family of file viruses, called Expiro (Xpiro), was discovered a long time ago and it’s not surprising to see it today. However, the body of this versatile new modification is surprising because it’s fully cross-platform, able to infect 32-bit and 64-bit files (also, 64-bit files can be infected by an infected 32-bit file). According to our naming system the virus is called Win64/Expiro.A (aka W64.Xpiro or W64/Expiro-A). In the case of infected 32-bit files, this modification is detected as Win32/Expiro.NBF.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1359,
editor = {ESET},
author = {Artem I. Baranov},
title = {Versatile and infectious: Win64/Expiro is a cross-platform file infector},
date = {30},
month = Jul,
year = {2013},
howpublished = {\url{http://www.welivesecurity.com/2013/07/30/versatile-and-infectious-win64expiro-is-a-cross-platform-file-infector/}},
}