{
  "family": "virut",
  "sample_count": 1578,
  "category": "file_infector",
  "description": "Virut is a long-running polymorphic file-infecting virus first seen in 2006 that infects Windows PE files and HTML documents while also functioning as a botnet for spam and additional payload delivery. Its polymorphic engine produces highly varied infections that complicate signature-based detection. The Virut command-and-control infrastructure was disrupted by Polish authorities in 2013, though the file infector continues to be encountered in legacy environments.",
  "cta": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance.",
  "aliases": [],
  "enrichment_level": "hand-curated",
  "faq": [
    {
      "@type": "Question",
      "name": "What is Virut?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Virut is a long-running polymorphic file-infecting virus first seen in 2006 that infects Windows PE files and HTML documents while also functioning as a botnet for spam and additional payload delivery. Its polymorphic engine produces highly varied infections that complicate signature-based detection. The Virut command-and-control infrastructure was disrupted by Polish authorities in 2013, though the file infector continues to be encountered in legacy environments."
      }
    },
    {
      "@type": "Question",
      "name": "How does Virut spread?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Virut is a polymorphic file infector spreading through infected executables, web HTML injection, and removable media, with a takedown of its infrastructure by Polish CERT in 2013."
      }
    },
    {
      "@type": "Question",
      "name": "What are the signs of a Virut infection?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Modified executables across the system, injected iframes in local HTML files, and AV detections for Virut are signature."
      }
    },
    {
      "@type": "Question",
      "name": "What should I do if I think I have Virut on my system?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "If you suspect this malware on your system, do not attempt manual removal. Contact SystemHelpdesk expert MSP support at 855-783-7555 for professional incident response guidance."
      }
    }
  ],
  "faq_count": 4,
  "mitre_attack": [
    "T1027",
    "T1547.001"
  ],
  "cisa_advisory": null,
  "last_updated": "2026-05-27"
}