Virus:Win32/Cutwail.J is a member of Win32/Cutwail - a multi-component family of malware that downloads and executes arbitrary files. This functionality is mostly used to install additional Cutwail components, and other malware on an affected machine. In general, the Cutwail family is used to compromise machines and direct them in various ways at the attacker's will, usually for monetary gain. This could include using the affected machine to distribute additional malware, send spam, generate 'pay per click' advertising revenue, harvest e-mail addresses, and break captchas. Its components are varied, but include trojan downloaders and droppers, spammers, and viruses. Cutwail also employs a rootkit and other defensive techniques to avoid detection and removal.
This particular component is used in conjunction with other Cutwail components in order to perform Cutwail's payload - to download and execute arbitrary files. Virus:Win32/Cutwail.J contains:
The malicious loader injects the downloading payload executable. Both of these drivers are loaded dynamically without ever being written to disk.
Win32/Cutwail has been observed downloading and installing different malware onto affected machines, and in particular of late, rogue security software. We have observed Cutwail.I being used to download the following rogues in the wild:
Analysis by Scott Molenkamp
There are no obvious symptoms that indicate the presence of this malware on an affected machine.