Troj/Virtum-Gen

Category: Viruses and Spyware
Protection available since: 18 Oct 2007 14:05:06 (GMT)
Type: Trojan
Last Updated: 16 Aug 2010 13:23:28 (GMT)
Prevalence: Major Outbreak


Troj/Virtum-Gen, also known as Virtumundo, is a family of malware that is used as a distribution network for other malicious software. Troj/Virtum-Gen is most commonly encountered as a DLL file that is injected into web browsers. The Trojan then modifies search results, displays pop-ups and downloads other malware.

Troj/Virtum-Gen is a large family, with new versions of the Trojan released frequently, sometimes more than once per day. It also uses server-side polymorphism in an attempt to conceal new versions from anti-virus scanners.

Troj/Virtum-Gen is usually installed into the system folder as a DLL with a randomly generated name, usually 8 characters long, such as qonfxmme.dll or pwygsrbl.dll.
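One way to triage a host for the two traits described above (a DLL injected into web browsers, stored in the system folder under a random 8-character name). This is an added example, not Sophos code; the letters-only name pattern, the browser process list and the signature filter are assumptions, and a match is a lead for further analysis rather than a detection.

```powershell
# Added triage example, not Sophos code. Assumed here: letters-only 8-character names,
# the browser process list, and "no valid signature" as the filter.
$namePattern = '^[a-z]{8}\.dll$'                          # shape of qonfxmme.dll, pwygsrbl.dll
$browsers    = 'iexplore', 'firefox', 'chrome', 'msedge'  # assumed list; adjust per host
$systemDirs  = 'System32', 'SysWOW64' |
    ForEach-Object { Join-Path $env:SystemRoot $_ } |
    Where-Object { Test-Path -LiteralPath $_ }

function Get-DllTriageRecord {
    param([string]$Path, [string]$Source)
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $file) { return }
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    # Legitimate system DLLs can also have 8-letter names; drop validly signed ones.
    if ($sig.Status -eq 'Valid') { return }
    [pscustomobject]@{
        Source     = $Source
        Path       = $file.FullName
        Signature  = $sig.Status
        Company    = $file.VersionInfo.CompanyName
        CreatedUtc = $file.CreationTimeUtc
        SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

# 1. Candidate files on disk in the system folders.
$onDisk = Get-ChildItem -LiteralPath $systemDirs -Filter '*.dll' -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $namePattern } |
    ForEach-Object { Get-DllTriageRecord -Path $_.FullName -Source 'disk' }

# 2. Candidate modules currently loaded inside browser processes.
$loaded = foreach ($proc in Get-Process -Name $browsers -ErrorAction SilentlyContinue) {
    try { $modules = $proc.Modules } catch { continue }   # access denied or process exited
    foreach ($m in $modules) {
        $dir = Split-Path -Path $m.FileName -Parent
        if ($m.ModuleName -match $namePattern -and $systemDirs -contains $dir) {
            Get-DllTriageRecord -Path $m.FileName -Source "$($proc.ProcessName):$($proc.Id)"
        }
    }
}

@($onDisk) + @($loaded) | Sort-Object Path, Source | Format-Table -AutoSize -Wrap
```

Depending on the PowerShell version, catalog-signed system files may be reported as NotSigned, so expect some legitimate rows and compare the hashes against a known-good baseline.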

Several examples of the behavior of Troj/Virtum-Gen are described in the SophosLabs blog:
Virtumundo - a malware distribution service
A Virtual World of Mal-Intent
Send malware the easy way...
