W32.Bounds


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: active & spreading
Spreading: slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 09 Aug 2006
Damage: Low

Characteristics: Little is known about this virus. It was discovered as a proof-of-concept virus that targets the processor rather than the Windows operating system.

More details about W32.Bounds

The W32.Bounds program is a known virus that came from a proof-of-concept polymorphic entry point technique, which makes it an infector of Windows executable files. It targets processors rather than operating systems. It is known to have two versions: one for 32-bit processors and the other for 64-bit processors from AMD. Antivirus companies found that the code originated on several underground websites and on several IRC channels. The author of this virus intends to demonstrate on infected computers that the virus works and that it can be very complicated to detect, since it works across multiple processor families. This virus infects systems by attaching itself to Windows executable files which disintegrate the chip level threats. It attacks all suitable executable files in the current directory and all subdirectories, regardless of file extension. It is also said to use a special entry point, hooking an entry in the import table known as the Bound Import Table.
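As an added example (not code from this write-up or from any vendor), the Python script below inventories PE files under a directory by content rather than by extension and reports each file's Bound Import data-directory entry, for both 32-bit (PE32) and 64-bit (PE32+) images. The function names and the `sample_pe` header are constructed for illustration; a populated Bound Import directory also occurs in legitimately bound binaries, so the result is a list to review, not a detection verdict.

```python
import os
import struct

BOUND_IMPORT = 11  # IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
MACHINES = {0x014C: "x86", 0x8664: "x64"}

def bound_import_entry(data):
    """Return (machine, rva, size) of the Bound Import directory, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if pe + 26 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return None
    machine = MACHINES.get(struct.unpack_from("<H", data, pe + 4)[0], "other")
    opt = pe + 24                                        # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        return None
    dirs = opt + (96 if magic == 0x10B else 112)         # PE32 / PE32+ layouts
    entry = dirs + 8 * BOUND_IMPORT
    # Truncated header, or NumberOfRvaAndSizes too small to hold entry 11.
    if entry + 8 > len(data) or struct.unpack_from("<I", data, dirs - 4)[0] <= BOUND_IMPORT:
        return (machine, 0, 0)
    return (machine, *struct.unpack_from("<II", data, entry))

def scan(root):
    """Walk root recursively; identify PE files by content, not by extension."""
    hits = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    info = bound_import_entry(fh.read(4096))
            except OSError:
                continue
            if info and info[2]:                         # directory is populated
                hits[path] = info
    return hits

def sample_pe(magic, machine, rva, size):
    """Constructed header-only image for demonstration; not a real binary."""
    opt = bytearray((96 if magic == 0x10B else 112) + 8 * 16)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, len(opt) - 8 * 16 - 4, 16)
    struct.pack_into("<II", opt, len(opt) - 8 * 5, rva, size)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x0102)
    return b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt)
```

Comparing the reported entries against a known-good baseline of the same files shows which executables had this directory changed.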

The W32.Bounds program is a stealthy program. The administrator or power user of the computer is bypassed. Thus, the download and upload of files are barely noticeable, especially when the files are so small. Also, with the processing speed of computers these days, simple file transfers and modifications are done in a moment. Another factor that keeps it stealthy is its use of random names for its core files.