W32.Icogon


Aliases: Icogon
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North and South America, Australia, Africa, Asia, Europe
Removal: Easy
Platform: W32
Discovered: 28 Jun 2006
Damage: Low

Characteristics: Like most viruses in its class, W32.Icogon attempts to target all executable files on the infected computer system. It adds its code at the beginning of the target file, corrupting its entry point, which also increases the executable file's size. Some reports indicate that this malware is capable of executing a backdoor that can be exploited by the malicious author.

More details about W32.Icogon

On initial execution, W32.Icogon attempts to create an executable file in a temporary folder on the local hard drive. It also modifies key values in the Windows Registry so that it loads automatically at every restart or boot of the infected computer system, and it creates a new key value for its executable file to establish its presence on the compromised machine. The malware then scans the contents of the local hard drive to locate all executable files. W32.Icogon infects every EXE file it finds, except those in the operating system's directory and its subfolders.

When an executable file is infected with W32.Icogon, an additional 11,265 bytes of data are added to its original file size: 11,264 bytes placed at the beginning of the infected file and a single byte placed at the end to serve as a marker of the infection. W32.Icogon also randomly changes the icon representing the infected executable file. Some reports point out that in certain cases W32.Icogon creates an unsecured backdoor on the compromised computer system, allowing the remote attacker unobstructed access.
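
The size layout described above can be used as a triage heuristic when sweeping a disk image for infected EXE files. The following is an added example, not code from this entry or from any vendor tool: it flags files in which a second MZ/PE header begins at offset 11,264. It assumes the original host is stored unmodified after the prepended code; the value of the trailing marker byte is not given here, so it is not checked, and the function names and sample buffers are constructed for illustration.

```python
import struct

PREPEND_LEN = 11264   # bytes the entry says are placed at the start of the file
MARKER_LEN = 1        # single trailing marker byte (value not given in the entry)


def pe_header_ok(data: bytes, base: int = 0) -> bool:
    """True if a minimal MZ/PE header pair is present at offset base."""
    if len(data) < base + 0x40 or data[base:base + 2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    pe = base + e_lfanew
    return data[pe:pe + 4] == b"PE\0\0"


def triage(data: bytes) -> dict:
    """Check one file image against the size layout described above."""
    result = {"outer_pe": pe_header_ok(data),
              "embedded_pe": False,
              "host_size": None,
              "suspect": False}
    if len(data) <= PREPEND_LEN + MARKER_LEN:
        return result  # too small to hold the prepended block plus a host
    # Assumption: the original host follows the prepended code unmodified.
    result["embedded_pe"] = pe_header_ok(data, PREPEND_LEN)
    if result["outer_pe"] and result["embedded_pe"]:
        result["host_size"] = len(data) - PREPEND_LEN - MARKER_LEN
        result["suspect"] = True
    return result


def make_pe(size: int) -> bytes:
    """Constructed sample: zero-filled buffer with a parseable MZ/PE header."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    return bytes(buf)


# Constructed samples: harmless zero-filled buffers, not real malware or hosts.
CLEAN = make_pe(4096)
LAYOUT = make_pe(PREPEND_LEN) + make_pe(4096) + b"\x00"  # marker value unknown

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("layout", LAYOUT)):
        print(name, triage(blob))
```

A hit is only a lead for further analysis: a legitimate file could carry an embedded executable at the same offset, so confirm with an antivirus scan before treating the file as infected.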