Research

Downloader + file virus – a new approach?

A few days ago we got another Trojan-Dropper.

When we analyzed it, we found out that it installs 4 files to the system. Nothing out of the ordinary for a dropper. But then we discovered that while one of the files it drops is detected as Trojan-Downloader.Win32.VB.jl, our scanner told us that the other three are infected with Virus.Win32.Parite.b

What’s all this about? Someone is trying to spread Parite? We’ve known about this virus for a number of years, and it’s still one of the most widespread classic file viruses found in the wild. But we haven’t seen it being deliberately spread for a long time.

The answer was simple, and unexpected. When we cleaned the virus from the infected files, we discovered that underneath the Parite infection, the files were infected with three other Trojan-Downloaders – WinAD.c, IstBar.is and Small.aqt, which Kaspersky Anti-Virus has detected for a long time.

All of these programs are designed to download adware onto the victim machine. So it seems likely that whoever created the original dropper didn’t know that the machine he used was infected with Parite.

On the other hand, it could just be another attempt on the part of virus writers to prevent their creations being detected by dedicated anti-adware and anti-spyware solutions, which can’t detect standard file viruses.

Downloader + file virus – a new approach?

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

Subscribe to our weekly e-mails

The hottest research right in your inbox