Over 2 years have gone by since we’ve seen a true virus in the wild. Since the meaning of a “true” virus may be simply forgotten in today’s flux of Internet worms, by “true virus” we mean the good old file infectors, also called parasitic viruses which attach themselves to executable files on your disk. Yes, like CIH or Funlove for example. And yet…
On July 13 we received the first sample of Tenga – a true blue virus. We were surprised, but we let it it go. Tenga.a was followed by Tenga.b and finally Tenga.c, which arrived just yesterday. Tenga is a classic appending virus, but it has borrowed features from more modern malware: it can spread like a worm given the opportunity and also has a downloader function.
But modern features aside, Tenga is a good old classic virus, where the main goal is to self-replicate as much as possible. Once your machine is infected, you can end up with hundreds of infected files, all of which will then attempt to download Trojan-Downloader.Win32.Small.bdc.
It now remains to be seen whether this is a fluke or whether more virus writers will return to true viruses.