W32.Wisfc


Aliases: Backdoor.Win32.Bifrose.cft, W32/Honk, W32/NetworkWorm.BSA
Variants: Win32.Honk.A, Win32/Delf.BU

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 21 Dec 2005
Damage: Low

Characteristics: The W32.Wisfc program is a type of virus that infects.dll, .exe, and .scr files. It as well drops another threat, a variant of the Download.Trojan family. System affected by this virus are Windows 95, Windows 2000, Windows Me, Windows 98, Windows Server 2003, Windows NT, and Windows XP.

More details about W32.Wisfc

Once W32.Wisfc is executed on your system, it copies itself as winsfc.exein the System folder. The virus also creates the mutex particularly the WINSFC_MUTEX so that only 1 copy of the virus will run on the compromised computer at any 1 time. Because of these processes, the virus may add values to the registry sub key as winsfc.exe in order for the virus to automatically run each time Windows starts. The virus is likely to drop and execute .exe file from the Windows temporary folder. This file is the variant of the Download.Trojan family. The downloaded malicious file looks for and infects any.dll, .exe, and .scr files found on any of the drives installed on the compromised computer.

The programming script of the W32.Wisfc program contains a specific server it will contact. The malware application may send a notification message once it has been installed. This reportedly contains system information such as IP address, operating system, and CPU. The software will then wait for commands on the backdoor. All communication is facilitated with HTTP (HyperText Transfer Protocol).