Versatile and infectious: Win64/Expiro is a cross-platform file infector

From Botnets.fr
Jump to: navigation, search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Versatile and infectious: Win64/Expiro is a cross-platform file infector
Botnet Expiro
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2013 / 2013-07-30
Editor/Conference ESET
Link http://www.welivesecurity.com/2013/07/30/versatile-and-infectious-win64expiro-is-a-cross-platform-file-infector/ (Archive copy)
Author Artem I. Baranov
Type Blogpost

Abstract

Recently, our anti-virus laboratory discovered an interesting new modification of a file virus known as Expiro which targets 64-bit files for infection. File-infecting viruses are well known and have been studied comprehensively over the years, but malicious code of this type almost invariably aimed to modify 32-bit files. One such family of file viruses, called Expiro (Xpiro), was discovered a long time ago and it’s not surprising to see it today. However, the body of this versatile new modification is surprising because it’s fully cross-platform, able to infect 32-bit and 64-bit files (also, 64-bit files can be infected by an infected 32-bit file). According to our naming system the virus is called Win64/Expiro.A (aka W64.Xpiro or W64/Expiro-A). In the case of infected 32-bit files, this modification is detected as Win32/Expiro.NBF.

Bibtex

 @misc{Baranov2013BFR1359,
   editor = {ESET},
   author = {Artem I. Baranov},
   title = {Versatile and infectious: Win64/Expiro is a cross-platform file infector},
   date = {30},
   month = Jul,
   year = {2013},
   howpublished = {\url{http://www.welivesecurity.com/2013/07/30/versatile-and-infectious-win64expiro-is-a-cross-platform-file-infector/}},
 }