Aliases: W32/Stayt.a
Variants: W32/STAYT.A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 08 Jun 2008
Damage: Medium

Characteristics: This malware infects executable files on local and remote drives connected to the compromised computer. It searches the infected machine for files to which it can add its viral code. It also tries to download malicious files from the Internet to further harm the system.

More details about W32.Stayt.A

This worm enters a computer when the user visits websites that have its code embedded in them. It can also be downloaded or dropped by other malware already present on the user’s computer. The worm starts automatically each time the computer starts up. W32.Stayt.A opens a backdoor on the user’s computer, which lets a remote user control the affected machine. The worm listens on an open port for commands from the remote user. These commands include deleting important files from the computer, uploading and downloading programs, and starting or participating in attacks on different servers.

W32.Stayt.A’s backdoor functionality includes a built-in Internet Relay Chat (IRC) bot, which lets the malware connect to IRC channels and gives remote users access. W32.Stayt.A may also inject code, the main body of the worm, into the computer’s running services, so that it executes every time those services are started. In addition, it adds a new entry to the Windows registry, which enables it to run with the system’s start-up processes.