W32.Piffle


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 05 Jul 2007
Damage: Low

Characteristics: W32.Piffle was first discovered on July 5, 2007. It is a proof-of-concept virus that infects Windows .EXE files in the current directory. The operating systems it mostly affects are Windows 98, 95, XP, Me, NT, Server 2003 and 2000.

More details about W32.Piffle

When the virus is executed, W32.Piffle searches the current directory for uninfected EXE files and selects among them at random. When a file is chosen, the virus produces a Program Information File (PIF) to replace the previous file. The PIF is actually an archive in which the virus code and the host file are stored. When this .PIF is executed, the command line inside it runs the command processor and passes debug.exe and the name of the PIF as parameters. The command processor then runs debug.exe, with the PIF used as a script to drive it. The script builds a Windows executable in memory, writes it to disk and executes it. The file that is produced opens the .PIF to extract and run the host file. Afterwards, it searches for another EXE file to infect and repeats the process. The file that is created is detected as W32.Chiton.gen. This is a family of six viruses that also infect files.
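A triage check built on the behaviour described above, as an added example that is not part of the original entry or any vendor's tooling: it flags .PIF files that are far larger than a plain shortcut, mention debug.exe, and have no same-named .EXE beside them. The function names, the size threshold and the sample files are assumptions made for illustration.

```python
import os
import tempfile
# Assumption: plain PIF shortcuts are ~1 KB; tunable threshold, not a signature.
MAX_PLAIN_PIF_SIZE = 4096
# Per the description, the PIF's command line names debug.exe.
DEBUG_MARKER = b"debug"

def inspect_pif(data):
    """Return the reasons a PIF's bytes look like a container."""
    reasons = []
    if len(data) > MAX_PLAIN_PIF_SIZE:
        reasons.append("oversized")
    if DEBUG_MARKER in data.lower():
        reasons.append("references-debug")
    return reasons

def scan_directory(path):
    """Map each suspicious .PIF in `path` to its reasons (no recursion)."""
    entries = os.listdir(path)
    lowered = {e.lower() for e in entries}
    findings = {}
    for entry in sorted(entries):
        stem, ext = os.path.splitext(entry)
        full = os.path.join(path, entry)
        if ext.lower() != ".pif" or not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            reasons = inspect_pif(fh.read())
        # The PIF replaces the program, so no same-named .EXE remains.
        if reasons and stem.lower() + ".exe" not in lowered:
            reasons.append("no-matching-exe")
        if reasons:
            findings[entry] = reasons
    return findings

def demo():
    """Scan constructed sample files written to a temporary directory."""
    samples = {
        "editor.pif": b"\x00" * 967,  # constructed: small, plain shortcut
        "setup.pif": b"CONSTRUCTED debug.exe " + b"A" * 9000,  # constructed
        "notes.txt": b"debug" * 2000,  # ignored: not a PIF
    }
    with tempfile.TemporaryDirectory() as d:
        for name, blob in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(blob)
        return scan_directory(d)

if __name__ == "__main__":
    print(demo())
```

A hit is a reason to submit the file to an antivirus scanner, not a verdict; legitimate PIFs for DOS tools can also mention debug.exe.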

Apart from its downloading capabilities, the W32.Piffle application also spreads threats to other systems. The propagation of threats may be done through the applications that are utilized by the user. These include P2P (peer-to-peer) programs and instant messaging applications. Users may unknowingly download infected files from P2P programs. The files are typically disguised under the filenames of popular programs and downloads to avoid being detected as a threat.