Internet viruses have for some time targeted anti-virus tools with their destructive payloads, but Winevar, which is spreading in the wild this week, tries to execute a denial of service attack against Symantec Corp’s web site, an anti-virus firm warned this week.
Kaspersky Labs warned that Winevar attempts to remove all security programs, including anti-virus, firewall and debugger software, from memory and disk. It then installs the FunLove virus on the machine and tries to DoS symantec.com with an HTTP flood.
The virus attempts to exploit two security holes in Internet Explorer, components of which are used to render HTML in email clients including Outlook, to run itself without any required user intervention. If the system is patched but the user launches the attachments anyway, they are also infected.