NEWS FROM THE LAB - Friday, June 15, 2007

WinHex Virus? Here you go...

Posted by Alexey @ 14:45 GMT


From time to time, proof-of-concept viruses appear for various platforms and applications that have their own scripting language interpreters. Almost a year ago a proof-of-concept virus for IDA (Interactive Disassembler Pro) appeared. IDA is our primary tool for reverse-engineering malware. No one in the industry was infected. As far as we know.

A few days ago someone sent us a new proof-of-concept virus. This time it was for WinHex, the powerful computer forensics, data recovery, and IT security tool. The virus prepends itself to all available .WHS (WinHex script) files. The infected WinHex scripts stop working, and the only thing they can do at that point is spread the virus further. We named the virus "Vred.A". Here's a short description of the virus…

The developer of WinHex has been notified of the case.