After quite a while with no new activity, there’s a new Virut variant. We detect the new variant as Virus:Win32/Virut.BM. Like the previous versions, Virut is a polymorphic file infecting virus that infects PE executable files like EXE and SCR files. The virus also opens a backdoor connection to an IRC server.
This Virut variant has learned some new polymorphic tricks, so we’ve spent a couple long days (and nights) creating detection and curing. Unlike previous variants, Virus:Win32/Virut.BM also infects HTML files (see our writeup, linked below).
You can find general information about the Virut family here.
And more detailed information about the new variant is available here.
Keep your antivirus software up to date!