Virus:Win32/Cutwail.J


Virus:Win32/Cutwail.J is a member of Win32/Cutwail - a multi-component family of malware that downloads and executes arbitrary files. This functionality is mostly used to install additional Cutwail components, and other malware on an affected machine. In general, the Cutwail family is used to compromise machines and direct them in various ways at the attacker's will, usually for monetary gain. This could include using the affected machine to distribute additional malware, send spam, generate 'pay per click' advertising revenue, harvest e-mail addresses, and break CAPTCHAs. Its components are varied, but include trojan downloaders and droppers, spammers, rootkits and viruses. Cutwail also employs a rootkit and other defensive techniques to avoid detection and removal.


What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
 
 
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Threat behavior

This particular component is used in conjunction with other Cutwail components to deliver Cutwail's payload: downloading and executing arbitrary files. Virus:Win32/Cutwail.J contains:
  • an encrypted copy of the clean Windows system file cdrom.sys
  • an encrypted copy of another driver (a malicious loader)
 
The malicious loader injects the downloader payload executable. Both drivers are loaded dynamically and are never written to disk, which leaves no driver file on disk for a file-based scan to find.
 
Win32/Cutwail has been observed downloading and installing different malware onto affected machines, and in particular of late, rogue security software. We have observed Cutwail.I being used to download the following rogues in the wild:
 
For more information, please see the Win32/Cutwail entry, elsewhere in our encyclopedia.
 
Analysis by Scott Molenkamp

Symptoms

There are no obvious symptoms that indicate the presence of this malware on an affected machine.

Prevention


Alert level: Severe
First detected by definition: 1.99.761.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Mar 07, 2011
This entry was first published on: Mar 09, 2011
This entry was updated on: Apr 17, 2011

This threat is also detected as:
No known aliases