is a dangerous
family of polymorphic
file infectors which encrypts its code differently with each infection...meaning that the viral code inserted into each infected file is unique. Typically the virus infects executable files with .exe extensions in all drives, and steals user login credentials which it sends back to the attacker. It also allows backdoor access and control to the infected computer, lowers Internet Explorer settings and includes functionality to inject malicious code into web pages visited.
File Infector EXPIRO Hits US, Steals FTP Credentials
This attack used exploit kits (in particular Java and PDF exploits) to deliver file infectors onto vulnerable systems. Interestingly, these file infectors have information theft routines, which is a behavior not usually found among file infectors. These malware are part of the PE_EXPIRO family, file infectors that were first spotted in 2010. In addition to standard file infection routines, the variants seen in this attack also have information theft routines, an uncommon routine for file infectors.
The virus infects all .exe files (32-bit and 64-bit) on the compromised computer and also on mapped or removable drives (C to Z).
The virus may install Firefox or Chrome extensions and perform the following actions:
• monitor browser activity
• redirect users to malicious URLs
The virus may steal the following information from the compromised computer:
• Product IDs
• System volume information
• Windows system information
• Email addresses
• Online banking information, including account numbers
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
Backdoors and What They Mean to You
Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system
This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet, has to say:
Help: I Got Hacked. Now What Do I Do?
The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).
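One practical question the quotes above leave open is how to make sure the infection does not come straight back after the rebuild: the write-ups say EXPIRO touches every .exe on mapped and removable drives (C to Z), and because the inserted code is different in every file, one signature will not reliably find all of them. The script below is an added example (my own, not code from the original post or from Trend Micro, Symantec or Microsoft): it hashes every executable under a directory tree against a baseline taken from a known-good copy, so anything on a share, USB stick or backup that changed or appeared since then can be excluded before it is reattached to the freshly imaged machine. The sample files in `demo()` are constructed here for illustration; the `.exe`-only filter and the use of SHA-256 are my assumptions, not something the post specifies.

```python
"""Baseline-and-compare integrity check for executables on drives you intend to keep.

Added example, not part of the original post. Assumptions: only files with an
.exe suffix are checked (the post says EXPIRO targets .exe), and SHA-256 is the
file digest. Run build_baseline() on a known-good copy of the drive, store the
result, and later compare() it against a fresh scan of the same drive.
"""
from __future__ import annotations

import hashlib
import json
import tempfile
from pathlib import Path

# Suffixes to check; assumption based on the post (extend for .dll, .scr, ... if wanted).
EXE_SUFFIXES = {".exe"}


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """SHA-256 of a file, read in 1 MiB chunks so large binaries do not load whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map each executable under root (path relative to root, POSIX form) to its digest."""
    baseline: dict[str, str] = {}
    for p in root.rglob("*"):
        if p.is_file() and p.suffix.lower() in EXE_SUFFIXES:
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify executables as modified (digest changed), new (not in baseline) or missing."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "new": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def save_baseline(baseline: dict[str, str], out_file: Path) -> None:
    """Persist the baseline; keep this file somewhere the infected host cannot write to."""
    out_file.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(in_file: Path) -> dict[str, str]:
    return json.loads(in_file.read_text())


def demo() -> dict[str, list[str]]:
    """Constructed demonstration: two clean executables, then one is altered and one dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ" + b"\x00" * 64)   # constructed sample
        (root / "tool.exe").write_bytes(b"MZ" + b"\x90" * 64)          # constructed sample
        (root / "readme.txt").write_bytes(b"not an executable, ignored")
        baseline = build_baseline(root)

        # Simulate an infector: code appended to an existing .exe, a new .exe dropped.
        with (root / "bin" / "app.exe").open("ab") as f:
            f.write(b"\xcc" * 16)
        (root / "dropped.exe").write_bytes(b"MZ" + b"\xcc" * 32)

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To use it on a real drive, run `build_baseline(Path("D:/"))` (or the mounted path of the share or USB device) on the known-good copy, `save_baseline()` the result to read-only media, and after the rebuild run the same scan on the drive and `compare()`; anything listed under `modified` or `new` should be replaced from clean installation sources rather than copied back. The check only tells you that a file changed, not what changed, so it complements rather than replaces the flatten-and-rebuild advice above.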