A few days ago we got another Trojan-Dropper.
When we analyzed it, we found out that it installs 4 files to the system. Nothing out of the ordinary for a dropper. But then we discovered that while one of the files it drops is detected as Trojan-Downloader.Win32.VB.jl, our scanner told us that the other three are infected with Virus.Win32.Parite.b
What’s all this about? Someone is trying to spread Parite? We’ve known about this virus for a number of years, and it’s still one of the most widespread classic file viruses found in the wild. But we haven’t seen it being deliberately spread for a long time.
The answer was simple, and unexpected. When we cleaned the virus from the infected files, we discovered that underneath the Parite infection, the files were infected with three other Trojan-Downloaders – WinAD.c, IstBar.is and Small.aqt, which Kaspersky Anti-Virus has detected for a long time.
All of these programs are designed to download adware onto the victim machine. So it seems likely that whoever created the original dropper didn’t know that the machine he used was infected with Parite.
On the other hand, it could just be another attempt on the part of virus writers to prevent their creations being detected by dedicated anti-adware and anti-spyware solutions, which can’t detect standard file viruses.
Downloader + file virus – a new approach?