W32.Athrelon


Aliases: Athrelon
Variants: None

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 27 Apr 2007
Damage: Low

Characteristics: Part of the payload of the W32.Athrelon virus is its ability to log user keystrokes in order to steal sensitive information. This malware is also known to target executable files stored on the logical drives of the infected computer system.

More details about W32.Athrelon

The W32.Athrelon virus, like most malware in its class, is known for some type of destructive payload. A common characteristic of viruses is their ability to inject their code into, or completely overwrite the contents of, targeted file types on the infected computer system. Depending on their design, viruses may also spread across network environments using their preferred transport mechanism.

The W32.Athrelon program normally infects executable files that reside on the drives lettered J through Z. These drive letters are usually used to map network drives shared by computer users in network environments, so infecting the executable files on these drives is presumed to be the propagation routine designed for this malware. Once an infected executable file is launched by an unsuspecting computer user, it deploys its payload. On the local hard drive, the W32.Athrelon program normally targets the file Notepad.exe, which is stored in the Windows directory. This means that this system utility becomes corrupted once the machine is infected by this virus.
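A read-only triage check for the two infection targets described above, as an added PowerShell example that is not part of the original write-up or of any vendor tool. It assumes that modifying a signed executable invalidates its Authenticode signature (reported as HashMismatch); unsigned files are listed only for manual review, and the function name Get-SignatureFinding is hypothetical.

```powershell
# Added example, not vendor code. Read-only: nothing on disk is changed.
# Assumption: an infector that alters a signed PE breaks its Authenticode hash.

function Get-SignatureFinding {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $sig    = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        [pscustomobject]@{
            Path          = $Path
            Status        = [string]$sig.Status   # Valid, HashMismatch, NotSigned, ...
            Signer        = $signer
            LastWriteTime = (Get-Item -LiteralPath $Path).LastWriteTime
        }
    } catch {
        # Locked or inaccessible files are reported rather than silently skipped.
        [pscustomobject]@{ Path = $Path; Status = 'Unreadable'; Signer = $null; LastWriteTime = $null }
    }
}

$findings = @()

# 1. Local target named in the description: Notepad.exe in the Windows directory.
$notepad = Join-Path $env:windir 'notepad.exe'
if (Test-Path -LiteralPath $notepad) { $findings += Get-SignatureFinding -Path $notepad }

# 2. Executables on drive letters J through Z (typically mapped network shares).
foreach ($letter in [char[]](74..90)) {            # 74..90 = 'J'..'Z'
    $root = "${letter}:\"
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += Get-SignatureFinding -Path $_.FullName }
}

# Broken signatures are the strongest signal; unsigned files need manual review.
$suspect = @($findings | Where-Object { $_.Status -eq 'HashMismatch' })
$review  = @($findings | Where-Object { $_.Status -in 'NotSigned', 'Unreadable' })

"Checked {0} file(s): {1} with broken signature, {2} for manual review" -f `
    $findings.Count, $suspect.Count, $review.Count
$suspect | Sort-Object LastWriteTime -Descending | Format-Table Path, Signer, LastWriteTime -AutoSize
$review  | Sort-Object Status, Path | Format-Table Path, Status, LastWriteTime -AutoSize
```

A recursive scan of large shares can take a long time, so on file servers it is better run against the share's local path than over the mapped drive.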

The other payload associated with the W32.Athrelon program is its keystroke logging feature, which is normally not a characteristic of threats belonging to the virus class. The logged keystrokes are usually stored temporarily on the local hard drive and secretly sent to the 830830sinx address in the sina.com domain. This also means that the virus may be capable of opening an unsecured backdoor in the infected computer system in order to send the information to its malicious author.