W32.Chamb


Aliases: N/A
Variants: N/A for W32.Cham

Classification: Malware
Category: Computer Virus

Status: active
Spreading: Low
Geographical info: Low
Removal: Easy
Platform: W32
Discovered: 01 Aug 2006
Damage: Low

Characteristics: W32.Chamb is a virus and a proof of concept infector of .CHM help files. It is said that it is the primer in infecting compiled HTML (CHM) files parasitically.

More details about W32.Chamb

Significant sign that this virus is present in your computer is when it automatically finds CHM files from its current directory. You may see that your computer is automatically searching or browsing file folders. It is also automatically patched up to CHM files making these files a new stream. Significant changes can be seen in each HTML page in the CHM file to reference this stream. The W32.Chamb program can enter the system through security exploits. It searches the system for programming vulnerabilities and enters through it. It may also enter through an already existing backdoor. A remote user may download this file to the compromised system.

The program may also propagate through deceptive means. Its file name may be changed to a popular downloads. It may be named with a different program’s name or a crack for a popular program. It may then be dropped to peer-to-peer file sharing networks. Users may download it under the impression that it is a different file. This program may also spread through e-mail attachments, instant messaging applications, and IRC channels.