W32.Aemrant
W32.Aemrant is an “autorun” worm that will propagate by creating a duplicate copy of itself to fixed and removable USB drives. W32.Aemrant also lowers security settings on the infected computer by ending security-related process. More
Worm
W32.SillyFDC.BDN
W32.SillyFDC.BDN is a worm that will download additional malicious files on to the infected computer. W32.SillyFDC.BDN will propagate by creating a copy of itself on removable drives and execute it using an Autorun.Inf file. More
WORM_PALEVO.AZA
WORM_PALEVO.AZA is a worm that will drop its own malicious executable files on target computer and propagates via instant messaging programs like Skype and Yahoo Messenger. WORM_PALEVO.AZA will create its own registry entries to execute itself automatically when Windows is started.
W32.SillyFDC.BDM
W32.SillyFDC.BDM is a worm that propagates by creating a copy of itself on removable USB and mapped network drives. W32.SillyFDC.BDM executable usually masquerades as a popular computer games to attract victims into running the file.
Damage Level: Low
Systems Affected: Windows 9x, 2000, XP, Windows Vista
[expand title="Show More Details" swaptitle="Hide Details"]
Characteristics
When executed, W32.SillyFDC.BDM will drop a copy of itself on root drive as an executable game file common to many. The worm also modifies registry to add own entries that will allow self-execution at Windows start-up.
Distribution
To spread W32.SillyFDC.BDM, it will create a duplicate copy on removable USB drive as well as mapped network drives. Random file name is used to avoid duplicate copies and avoid suspicion from infected computer users. For a complete list of file names associated with this worm, please see the “Associated Files and Folder” area.
Associated Files and Folders:
[%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Doraemon Adventure.exe [%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Game Kartu.exe [%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Guitar Hero 4.exe [%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Keyboard Hangman.exe [%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Mario Bross.exe [%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Misteri Raja Pocong.exe [%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Naruto Classic.exe [%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\PacMan Millenium.exe [%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Permainan Acak.exe [%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Playboy Mansion.exe [%SystemDrive%, Removable Drives, Mapped Drives]\Games Flash\Spyderman.exe [%SystemDrive%, Removable Drives, Mapped Drives]\RECYCLER\Buruh.exe [%SystemDrive%, Removable Drives, Mapped Drives]\RECYCLER\Kuli.exe [%SystemDrive%, Removable Drives, Mapped Drives]\RECYCLER\Pembantu.exe [%SystemDrive%, Removable Drives, Mapped Drives]\RECYCLER\Tukang.exe [%SystemDrive%, Removable Drives, Mapped Drives]\RECYCLER\services.exe
W32.Ptopirate
W32.Ptopirate is a worm that will propagate via removable USB drives and unsecured network-shared drives. W32.Ptopirate can create its own registry entry that will allow the worm to run automatically during Windows boot-up. More
W32.Yimfoca
W32.Yimfoca is a worm that can reduce infected computer’s security settings by stopping processes belonging to Microsoft Malware Protection Service and Windows Update. W32.Yimfoca will propagate by sending malicious links through Yahoo! Messaging program. Malicious files that originates from this family of computer worms are identified as W32.Yimfoca!gen.
More
W32.Avendog
W32.Avendog is a worm that propagates by creating a copy of itself to removable and USB drives. It will create a backdoor on infected computer that allows a remote attacker to obtain unauthorized access. W32.Avendog can also inject malicious code on to “Explorer.exe” so that the malicious process loads automatically. More
W32.SillyFDC.BBX
W32.SillyFDC.BBX is a worm that propagates by creating a duplicate copy of itself to removable USB and unsecured network mapped drives. W32.SillyFDC.BBX also drops more malware and tries to execute additional threats on the compromised machine. Other than that, this worm may also disable security applications and certain system software. More
W32.Pilleuz
W32.Pilleuz is a worm that may open a backdoor on compromised computer allowing a remote author to gain unauthorized access. The worm may access local files, download files, execute commands, modify Hosts file and steal web browser’s information. W32.Pilleuz can flood Internet traffic to various web sites that causes distributed denial of service (DDoS) attack. More
Email-Worm.Win32.Merond.a
Email-Worm.Win32.Merond.a is a worm that will spread by attaching self to spam email messages. It gathers email addresses from infected system and mass-mail a copy utilizing the computer as Simple Mail Transfer Protocol (SMTP) server. This worm also propagates locally by dropping a copy to removable storage devices like USB flash drives, memory sticks, and external hard drives. More