Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 27 Jan 2008
Damage: Low

Characteristics: W32.Tufik.B is a virus that infects executable files on local and mapped drives and attempts to download additional files to the compromised computer.

More details about W32.Tufik.B

When W32.Tufik.B is executed, it copies itself to %Windir%\alg.exe. It then creates a registry entry so that the copy runs each time Windows starts. Next, the virus infects the executable files it finds on the local and mapped drives of the compromised computer. Finally, it attempts to download a file, detected as Backdoor.Trojan, from the following location: [http://]www.365xinyu.com/download/svcho[REMOVED]. The [REMOVED] marker denotes a portion of the URL that has been redacted in this description; it does not refer to a file being removed from the drive. Note that a legitimate alg.exe (the Application Layer Gateway service binary) exists in %Windir%\System32; the virus's copy is placed directly in %Windir%, so the two must not be confused when checking a machine.
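The following host check is an added example written for this page, not code from the original write-up or from any vendor. It turns the indicators above (a copy at %Windir%\alg.exe started from a Run key) into a deterministic check. It assumes the autorun value lives in one of the standard HKLM/HKCU ...\CurrentVersion\Run keys, which the page does not state, and it deliberately excludes %Windir%\System32\alg.exe, the genuine ALG service binary, so the check does not raise a false positive on a clean machine. The Run-key strings in the test are constructed samples.

```python
r"""Hypothetical host check for the W32.Tufik.B indicators described above.

Added example, not part of the original write-up. Assumptions not stated on
the page: the autorun value lives in a standard HKLM/HKCU
Software\Microsoft\Windows\CurrentVersion\Run key, and the dropped copy is
exactly %Windir%\alg.exe. The genuine Windows binary
%Windir%\System32\alg.exe (Application Layer Gateway service) is never
flagged; only a copy directly under %Windir% matches.
"""
import ntpath
import os
import re

# Variables a Run-key command line commonly uses for the Windows directory.
# They are expanded against the directory passed in, not the live
# environment, so the logic is deterministic and runs offline on any OS.
_WINDIR_VARS = ("%WINDIR%", "%SYSTEMROOT%")


def _first_token(command: str) -> str:
    r"""Return the executable path from a Run-key command line.

    Handles a quoted path with spaces ("C:\Program Files\x.exe" /s) and an
    unquoted path followed by arguments (C:\Windows\alg.exe /s).
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def _normalize(path: str, windir: str) -> str:
    """Expand %Windir%/%SystemRoot%, collapse '..' segments, lower-case."""
    for var in _WINDIR_VARS:
        # Lambda replacement: a plain string would treat the backslashes in
        # windir as regex escapes.
        path = re.sub(re.escape(var), lambda _m: windir, path, flags=re.IGNORECASE)
    return ntpath.normcase(ntpath.normpath(path))


def is_tufik_dropper_path(path: str, windir: str = r"C:\Windows") -> bool:
    r"""True when path resolves to %Windir%\alg.exe (the dropped copy).

    %Windir%\System32\alg.exe is the legitimate ALG service binary and is
    intentionally not matched.
    """
    expected = _normalize(ntpath.join(windir, "alg.exe"), windir)
    return _normalize(path, windir) == expected


def find_suspicious_run_entries(entries, windir=r"C:\Windows"):
    r"""Filter (value_name, command) pairs read from Run keys down to those
    that launch %Windir%\alg.exe. Returns the matching value names."""
    hits = []
    for name, command in entries:
        exe = _first_token(command)
        if exe and is_tufik_dropper_path(exe, windir):
            hits.append(name)
    return hits


def collect_run_entries():
    """Read the standard Run keys on a live Windows host (assumed location of
    the autorun value; the page does not name the exact key). Returns [] on
    non-Windows systems so the module still imports there."""
    try:
        import winreg
    except ImportError:
        return []
    run = r"Software\Microsoft\Windows\CurrentVersion\Run"
    entries = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            key = winreg.OpenKey(hive, run)
        except OSError:
            continue
        with key:
            i = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, i)
                except OSError:
                    break
                entries.append((name, str(value)))
                i += 1
    return entries


if __name__ == "__main__":
    windir = os.environ.get("WINDIR", r"C:\Windows")
    hits = find_suspicious_run_entries(collect_run_entries(), windir)
    print("Run-key values launching %Windir%\\alg.exe:", hits or "none")
    print("%Windir%\\alg.exe present:", os.path.exists(os.path.join(windir, "alg.exe")))
```

Run it as a script on the suspect host; an empty hit list together with no file at %Windir%\alg.exe means neither of the two indicators the page gives is present, which does not prove the machine is clean, since infected executables on local and mapped drives are a separate indicator that needs a file scan.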

W32.Tufik.B captures and records keystrokes typed on the compromised computer. This covers all keyboard activity, including typed documents, chat conversations, and search queries. At worst, it may log usernames and passwords for online accounts and for other programs that require login details, including e-mail, bank accounts, financial trading accounts, and online gaming accounts; credit card details may also be captured. The logged information is kept in a log file, which is then sent to a predefined e-mail address via the program's own SMTP server. The stolen data may then be used to send spam from the user's e-mail address to the user's contacts, and for identity theft and fraud.