Plexus B virus hit us today

Better update your virus defs. This trojan was found about 2 or 3 days ago. Here's some more info on it :

http://www.viruslist.com/eng/viruslist.html?id=1635442

 

how do you get it?

 

Good place to keep updated with different viruses that come out and if they have fixes for them which are usually free.

http://www.symantec.com/avcenter/

 

Attachment i've received 4 today or

I-Worm.Plexus.b spreads via local networks and the Internet as an attachment to infected messages. It also spreads via file-sharing networks, and exploits a vulnerability in MS Windows LSASS. It is very similar to I-Worm.Plexus.a, with a few insignificant differences.

On launching, Plexus.b copies itself to the Windows\System32 folder under the upu.exe. It then installs a file named setupex.exe to the Windows\System32 folder, and a file named svchost.exe to the Windows root directory.

Setupex.exe is TrojanProxy.Win32.Webber.h, a Trojan proxy program. The program is writtten in Microsoft Visual C++, and is 47779 bytes in size. svchost.exe is the main module of Plexus.b. It is written in Microsoft Visual C++ and compressed using FSG. The compressed file is 16224 bytes in size and 57857 bytes when decompressed. The text inside this file is encrypted, and contains the line:

"-== KAV I'm Expletus !!!. Made in China. ==-"
The worm registers this file in the system register auto-run key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
InternetServ=path to executable file
It also creates the mutex Expletus.b, to flag its presence in the system, ensuring that only one copy of the worm can be executed.

Propagation via local and file sharing networks.
The worm copies itself to the file-sharing folder and to all accessible network resources under the following names:

AVP5.xcrack.exe
InternetOptimizer1.05b.exe
Shrek_2.exe
ICQ04noimageCrk.exe
UnNukeit9xNT.exe
YahooDBMails.exe
hx00def.exe
ICQBomber.exe
The worm is otherwise identical to I-Worm.Plexus.a