The malware used to install Virut exploits only well knows bugs, meaning that users who are running antivirus software on fully patched systems will probably not be infected.
The Web site for Indian antivirus vendor AvSoft Technologies has been hacked and is being used to install malicious software on visitors' computers, security researchers said last week.
The technique used on the site has been seen in thousands of similar hacks over the past few months. The attackers open an invisible iFrame Window within the victim's browser, which redirects the client to another server. That server, in turn, launches attack code that attempts to install malicious software on the victim's computer.
AvSoft, based in New Delhi, sells an antivirus product called SmartCOP and has sold a second antivirus product called Smartdog. The company, which is not well-known in the U.S., also specializes in recovering data lost due to virus attacks. The company could not be reached for comment Thursday afternoon.
Nobody knows how the malware got onto the Web site in the first place. News of the hack was reported on the Full Disclosure security discussion list on Thursday.