W32.Arcam


Aliases: W32.Arcam.B, W32/Arcam.A, Arcam, Bloodhound.W32.1
Variants: Email-Worm.Win32.Banof, W32/Banof.6909, Dropped:Win32.Trilissa.M@mm, Win32:Banof, Worm:Win32/Banof.A

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: South America, North America, Europe
Removal: Easy
Platform: W32
Discovered: 04 May 2004
Damage: Low

Characteristics: The W32.Arcam is a malware which attempts to make use of the Internet Relay Chat client and email messaging service of the targeted machine to spread its codes. It is also known to target specific file types to infect or corrupt by appending its own codes.

More details about W32.Arcam

When the W32.Arcam virus successfully breaks down the security protection of a computer system, it begins to execute by infecting specific Portable Executable file types. It scans the contents of the infected hard drive to locate files using the CPL, EXE, and SCR extensions. Files using these extensions are modified by creating a new section in the file where the codes of the virus are appended. After completing this infection and corruption process, the W32.Arcam program proceeds by copying its codes into a file that uses the Secret.txt.exe name in the root directory of the hard drive. The file plaeCBBNV.vbs is also placed by the virus in the root directory. This file is used to issue a command that will allow the W32.Arcam program to email its codes to all contacts in the address book of the Microsoft Outlook client.

The message attempted to be sent by this malware uses the word "Text" in the Subject line and Message body. The Secret.txt.exe file is attached to the spiked email message. The initialization settings in the Mirc.ini file are modified by this malware to allow it to use the Internet Relay Chat service to spread its codes to other computer systems connected to the IRC service.