Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 09 Dec 2002
Damage: Low

Characteristics: The virus W32.Lamin is a polymorphic virus that infects Portable Executable (PE) files. It contains a keystroke logger and an IRC backdoor Trojan. Once it infects a system, it allows hackers to gain access to sensitive information. It also logs keystrokes on a computer file.

More details about W32.Lamin

W32.Lamin infects PE files. It is polymorphic virus. It is encrypted and the encryption changes between infections. The virus uses a very simple encryption. The key is only four bytes long. The encryption scheme is xor. When the virus is decrypted, it inserts a .dll file on the computer. This file performs malicious actions on the computer. The .dll file is kept in an encrypted form. When the file is inserted on the computer, it takes a random filename and is inserted in the Windows System folder. The .dll file is an IRC backdoor Trojan and a keystroke logger. A backdoor Trojan allows a third party or a hacker to get access to sensitive information on the infected computer. A keystroke logger monitors all keystrokes and logs them on a file.

The .dll file also infects other PE files that it finds on the system. The file is multi-threaded and can perform various actions simultaneously. Allegedly, the W32.Lamin program can be utilized as a tool to monitor the Internet activities of the user. It is also reported that it can allow the intruder to capture sensitive and confidential information. Some reports claim that it also hijacks the Internet browser by modifying the user’s Web browser settings including homepage and search features. The program is also capable of spreading additional threats or malicious software to the already compromised computer.