Aliases: Virus.Win32.Agent.u, W32/Juler.A, W32/Lujer, PE_REULJ.A
Variants: W32/Lujer.dam, W32/Lujer!eee492ee521e, W32/Lujer

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 12 May 2009
Damage: Low

Characteristics: W32.Lujer is a prepending file infector that targets 32-bit Portable Executable (PE) files with the .EXE extension on every drive attached to the system. It inserts its own code at the start of the host executable and redirects the entry point so that the virus code runs before the original application does. Because the host program is then started normally, the infection usually goes unnoticed by the user.

More details about W32.Lujer

When an infected program runs, W32.Lujer searches for an EXE file and inserts a single section of virus code at the start of the host's code; this one section is described by two section table entries named JLEUR. An infected file grows by about one kilobyte. Each execution of an infected application infects one further EXE file. The virus works through drives in alphabetical order starting with C and moves to the next drive once all EXE files on the current one are infected. In some cases the modification breaks the host, and the infected program fails to run.
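The two indicators described above, a section header named JLEUR and an entry point that has been redirected into that section, can be checked directly from the PE headers. The following scanner is an added example written for this page; it is not code from the original entry or from any antivirus vendor. It assumes the JLEUR name is stored verbatim in the 8-byte Name field of the section header. The two sample images it scans are constructed in memory purely to exercise the parser and are not real infected binaries.

```python
import os
import struct
import sys

# Section name the page reports W32.Lujer adds to infected files.
# Assumption: it appears verbatim in the section header's Name field.
LUJER_SECTION_NAME = b"JLEUR"


def parse_sections(data: bytes):
    """Parse the DOS/PE headers and the section table.

    Returns (entry_rva, [section dicts]) or None if the buffer is not a
    PE32/PE32+ image with a readable section table.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                              # COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                  # optional header
    if size_opt < 20 or opt + size_opt > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                  # PE32 / PE32+
        return None
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    table = opt + size_opt                           # section headers, 40 bytes each
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            return None
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\0"), "va": va, "vsize": vsize,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return entry_rva, sections


def scan_for_lujer(data: bytes) -> dict:
    """Flag a PE image whose section table carries the JLEUR marker and whose
    entry point lands inside such a section (the virus running first)."""
    parsed = parse_sections(data)
    if parsed is None:
        return {"pe": False, "suspect": False, "reasons": []}
    entry_rva, sections = parsed
    reasons = []
    marked = [s for s in sections if s["name"].startswith(LUJER_SECTION_NAME)]
    if marked:
        reasons.append(f"{len(marked)} section header(s) named {LUJER_SECTION_NAME.decode()}")
    for s in marked:
        span = max(s["vsize"], s["raw_size"])
        if s["va"] <= entry_rva < s["va"] + span:
            reasons.append(f"entry point 0x{entry_rva:x} lies inside the marked section at 0x{s['va']:x}")
            break
    return {"pe": True, "suspect": bool(reasons), "reasons": reasons}


def scan_tree(root: str) -> list:
    """Walk a directory the way the virus does (every .exe) and return the
    paths the scanner flags."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for n in names:
            if n.lower().endswith(".exe"):
                path = os.path.join(dirpath, n)
                with open(path, "rb") as fh:
                    if scan_for_lujer(fh.read())["suspect"]:
                        hits.append(path)
    return hits


def build_sample_pe(sections, entry_rva: int) -> bytes:
    """Constructed test image (not a real binary): just enough valid header
    for parse_sections(). sections is a list of (name, rva, size)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    size_opt = 0xE0                                  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), size, va, size,
                    0x400 + i * 0x200, 0, 0, 0, 0, 0x60000020)
        for i, (name, va, size) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed samples: a clean layout and one mimicking the described infection
# (two JLEUR entries placed before the original code, entry point moved into them).
CLEAN = build_sample_pe([(b".text", 0x1000, 0x2000), (b".data", 0x3000, 0x1000)], 0x1200)
INFECTED = build_sample_pe([(b"JLEUR", 0x1000, 0x400), (b"JLEUR", 0x2000, 0x400),
                            (b".text", 0x3000, 0x2000)], 0x1000)

if __name__ == "__main__":
    for label, img in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, scan_for_lujer(img))
    if len(sys.argv) > 1:
        for hit in scan_tree(sys.argv[1]):
            print("suspect:", hit)
```

Run it with a directory argument to sweep real .exe files; without one it only reports on the two constructed samples. The entry-point check matters more than the name alone: a file whose section table carries the marker but whose entry point was left on the original code would not behave as the infection described, so both indicators are reported separately.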

One visible sign of an attempted W32.Lujer attack is that the executable usually carries a filename made up of Chinese characters. This file can reach a system in several ways, including booby-trapped email messages and peer-to-peer file-sharing networks. Once an infected executable is run, no further user interaction is needed: opening an infected email attachment, for example, is enough to trigger the routine that establishes the virus on the machine. W32.Lujer then keeps to the background so that it can infect further files and deliver its payload uninterrupted.