W32.Darksnow


Aliases: W32/Blic-A, TROJ_DARKSNOW.A
Variants: W32.Darksnow.B

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: Some parts in Asia, North and South America, Europe and Australia
Removal: Easy
Platform: W32
Discovered: 18 Apr 2007
Damage: Low

Characteristics: First appeared on April 18, 2007, the W32.Darksnow program is a virus that replicates with the use of another virus which is the O97M.Darksnow. The level of the damage this virus brings is low. However, it can infect other corrupt files which can no longer execute or infect other files.

More details about W32.Darksnow

This virus copies with the use of 097M.Darksnow. 097M.Darksnow is another virus which is actually a micro virus that targets the Microsoft Word and Microsoft Excel. Hence, the W32.Darksnow program is launched in the computer to specifically infect the Normal templates of both Microsoft Word and Microsoft Excel. The virus replicates itself to either the normal template or the active word document. It can also copy itself to the file book1.xls or any current excel document and the book.xlt file or current template. Upon successful launching, the virus drops the 097M.Darksnow and runs the following file: %UserProfile%\bk_2B.tmp. If the Microsoft Word or Excel is infected, the user can no longer use these two Microsoft Office tools.

High risks of the W32.Darksnow program are typically installed with no user interaction throughout security utilization, and can relentlessly compromise system safety. These risks open illegitimate network connectivity that use polymorphic techniques to stop security software, self-mutate, modify system files, and install added malware.