Topic: Sneaky parasitic virus injects Winlogon.exe beyond change!

polonus
Sneaky parasitic virus injects Winlogon.exe beyond change!
« on: January 07, 2008, 08:32:40 PM »
Hi malware fighters,

Infecting users through malicious codecs and films is a very popular thing to do for miscreants, and these infections are often hard to detect. Virus researchers have now found a new variant of the Kibik virus that injects itself as a part of Winlogon.exe that is not used. Unlike other malware, it does not change the size of the file that way. It does not leave any traces in the Windows registry, nor does it change other files. Still, the malware is loaded every time the machine starts.

Once the machine is infected, the attacker has full control over it, as the malware starts to download other malware files. This variant is being spread by codecs, but other versions are also available as a web exploit. McAfee calls this malware a "sneaky parasitic virus", and only a few anti-malware products detect it.
See: http://www.avertlabs.com/research/blog/index.php/2008/01/04/w32kibikb-seeking-them-out-from-your-codecs-and-winlogonexe/

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
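
An added example, not part of the original post or the McAfee write-up: because the post says the infection leaves the file size unchanged, a size check alone misses it, while a hash baseline recorded from a known-clean system still flags the change. The file name and bytes below are constructed stand-ins, not a real Winlogon.exe.

```python
import hashlib
import tempfile
from pathlib import Path

def fingerprint(path):
    """Return (size, SHA-256 hex digest) of a file, read in chunks."""
    h = hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
            size += len(chunk)
    return size, h.hexdigest()

def build_baseline(paths):
    """Record a fingerprint per file; store the result off the monitored host."""
    return {str(p): fingerprint(p) for p in paths}

def verify(baseline):
    """Classify each baselined file as ok, missing, or modified (same size / resized)."""
    report = {}
    for name, (old_size, old_hash) in baseline.items():
        if not Path(name).exists():
            report[name] = "missing"
            continue
        size, digest = fingerprint(name)
        if digest == old_hash:
            report[name] = "ok"
        elif size == old_size:
            report[name] = "modified-same-size"  # invisible to a size-only check
        else:
            report[name] = "modified-resized"
    return report

def demo():
    """Run the check on a constructed 512-byte file with zero padding."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / "sample.bin"  # hypothetical stand-in file
        original = b"MZ" + b"\x90" * 62 + b"\x00" * 448
        target.write_bytes(original)
        baseline = build_baseline([target])
        before = verify(baseline)[str(target)]
        # Overwrite part of the padding in place; the length stays 512 bytes.
        patched = original[:256] + b"\xcc" * 64 + original[320:]
        target.write_bytes(patched)
        after = verify(baseline)[str(target)]
        return before, after, len(original) == len(patched)

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it was taken before any infection and is kept where the monitored machine cannot rewrite it.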

Lisandro
Re: Sneaky parasitic virus injects Winlogon.exe beyond change!
« Reply #1 on: January 07, 2008, 09:18:27 PM »
"A new variant of the Kibik virus that injects itself as a part of Winlogon.exe that is not used."
I know Outpost Pro firewall checks for code injection... but I don't know how it works.
Is there a way to get protected against code injection?

"only a few anti-malware products detect it."
Which are they?
The best things in life are free.

YLAP
Re: Sneaky parasitic virus injects Winlogon.exe beyond change!
« Reply #2 on: January 07, 2008, 09:23:46 PM »
I'm starting to hate these things recently. Sneaky injectors and BHOs have recently been spreading all over the net and it's harder and harder to detect these nasty things...  >:( Sorry for the off-topic, but soon I'll do the best thing to protect myself - cut the DSL wire  ;D ;D ;D

polonus
Re: Sneaky parasitic virus injects Winlogon.exe beyond change!
« Reply #3 on: January 07, 2008, 09:42:11 PM »
Hi Ylap,

Was this the firewall you had in mind?

pol

YLAP
Re: Sneaky parasitic virus injects Winlogon.exe beyond change!
« Reply #4 on: January 07, 2008, 09:53:38 PM »
Even the same model and firmware version  ;D