W32.Seswol
W32.Seswol is a harmful worm that will attempt to spread itself by infecting removable USB Drives. Once inside the system, W32.Seswol will create registry entry to run itself each time Windows Starts.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
The worm typically spread via spam email messages sent by a trusted contact who is also infected. It will drop autorun.inf file on affected drives so that the worm will run when drive is accessed.
Distribution
Worm W32.Seswol spreads by making a copy of itself to removable drives. This type of worm make use of Windows autorun functions to easily contaminate drives found on the system without users execution.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"MyApp" = "%System%\Svchost.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\"MyDate" = "[DATE]"Associated Files and Folders:
%System%\Svchost.exe %DriveLetter%\Setup.exe %DriveLetter%\autorun.inf