Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: HIGH
Payload: Plants destructive script virus, partially disables keyboard, may delete files
Detection files published
Description created: 19 Dec 2001 05:57:00
Description updated: 28 Dec 2001 08:30:00
Malware type: WORM
Alias: W32/Zacker.C, W32/Keyluc.C, W32/Reezak.A
Spreading mechanism: EMAIL
Summary: None

W32/Maldal.C@mm

Spreading

When run, this worm copies itself to the Windows directory under the name Christmas.exe. It then sets a number of registry keys: one to set ComputerName to "Zacker", one to set the default home page to an infectious page on Geocities, and another to run the worm automatically at startup. It then displays a small graphical window and emails itself to all users in the Outlook address book.

Payload Details

The worm carries a number of side effects. A notable one is that it partially disables the keyboard; the keyboard still works inside a DOS box. The worm may also try to delete all files in the Windows system directory. This has been reported, but did not happen in our tests.

The worm indirectly plants a destructive script virus (VBS/Dismissed.A or B) on infected users' systems.



Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:15