Changeup virus gets Staples. 04082013

Social and Political Published April 8, 2013 at 1:40 pm No Comments

Many customers in our shop ask if they are the only victims of virus attacks, but you know up front that is not the case. Some seem more susceptible than others but almost know one is completely secured. Last week Spamhaus posted that they were attacked. Spamhaus is an organization or a project that maintains black-lists of companies and sites that are identified for spam and malware distribution.

This week another big target was hit Staples. Spamhaus suffered denial of service attacks, but staples was hit with the Changeup Worm. This worm is capable of spreading itself across network systems by infecting removable and mapped drivers. Symantec says the primary function of this virus is to distribute malware for money. However, in an article from CRN they indicate that the virus also installs a file sharing program. The CRN article points out that the initial distributions of this virus are often Spam and Malicious links in Social Networks. In the article “Staples Corporate Systems Hit With Malware Attack” Robert Westervelt additionally wrote this about the Changeup activity:

Once it gains a presence on systems, the worm contacts a remote command-and-control server and downloads additional malware. Security firms have identified Changeup downloading banking Trojans, including Zeus and the peer-to-peer Zbot Trojan, but the malware frequently changes.

The Changeup worm exhibits characteristics typically found in a Trojan, according to U.K.-based security firm Sophos, which also provided analysis of it in November.

So as stated in the past no network is safe from these types of attacks, but no attempt to protect would be a disaster. This particular virus is also has Polymorphism characteristics which means that it changes or the author changes it to make it more difficult to stop. It is this characteristic that makes it nearly impossible to stop every time even for some of the best endpoint security devices.