W32.Allim


Aliases: Troj/Dwnldr-HIV, Worm.Fliz.A, Proxy-Piky, W32/Opanki.worm, IM-Worm.Win32.Opanki.l
Variants: W32.Spybot.Worm, Backdoor.Sdbot, W32/NoChod@MM, WORM_CHOD.P

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: North America, Europe, Asia
Removal: Easy
Platform: W32
Discovered: 27 Apr 2005
Damage: Low

Characteristics: W32.Allim belongs to a family of worms that exploit security vulnerabilities in the America Online instant messaging service. The malware uses AOL Instant Messenger to spread its code to unwary computer users. It is also believed to open a backdoor for its malicious author.

More details about W32.Allim

The W32.Allim program uses AOL Instant Messenger as its transport. It sends a message to every contact in the infected user's contact list. The message normally contains a link that redirects the Web browser to a predetermined website, together with an instruction for the recipient to click the link. When the browser follows the link, it automatically downloads and executes a self-extracting archive file. According to computer security experts, this is the only way the W32.Allim program can deliver its payload. When the malware runs, it drops two files onto the target computer. The first is the W32.Allim program itself; the second is a variant of Backdoor.Sdbot, which is capable of opening an unsecured backdoor into the compromised system.

When driving the AOL Instant Messaging client, the W32.Allim program uses TCP port 5190 to control the application's behavior. Compromised systems may be used by the malware as traffic relays or proxy servers, which the malicious author can use to launch attacks against other systems or servers through the backdoor opened by the accompanying malware. Because additional worms may have been extracted onto the compromised machine, the safest way to remove an infection manually is to reformat the hard drive. Using reliable, established antivirus software is an alternative way of removing the effects of the malware.
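Detection logic for the two behaviors described above, as an added example that is not part of the original entry: a Python script run over constructed flow records that flags internal hosts showing AIM traffic on TCP port 5190 together with relay behavior (an inbound connection from one external address followed within a few seconds by an outbound connection to a different external address). It assumes the internal network is 10.0.0.0/8 and a space-separated "ts src sport dst dport" log format; both are assumptions, not details from the entry.

```python
"""Flag internal hosts that use AIM (TCP 5190) and also behave like a relay."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the monitored internal range
AIM_PORT = 5190                      # port the entry says the worm drives AIM on

# Constructed sample flow log (not real traffic): "ts src sport dst dport"
SAMPLE_FLOWS = """\
1000 10.0.0.5 49152 64.12.24.1 5190
1001 10.0.0.5 49153 64.12.24.1 5190
1010 198.51.100.7 40001 10.0.0.5 8080
1012 10.0.0.5 49160 203.0.113.9 25
1013 198.51.100.7 40002 10.0.0.5 8080
1014 10.0.0.5 49161 203.0.113.10 80
1100 10.0.0.8 49200 64.12.24.1 5190
1200 198.51.100.9 40100 10.0.0.12 443
"""


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def parse_flows(text: str):
    """Return (ts, src, sport, dst, dport) tuples from the log text."""
    flows = []
    for line in text.splitlines():
        ts, src, sport, dst, dport = line.split()
        flows.append((int(ts), src, int(sport), dst, int(dport)))
    return flows


def find_suspect_hosts(flows, relay_window: int = 5):
    """Map each suspect internal host to the (inbound src, outbound dst) pairs
    that look like relayed connections. A host is a suspect only if it both
    talks AIM on port 5190 and shows relay behavior within relay_window secs."""
    aim_hosts = set()
    inbound = defaultdict(list)   # internal host -> [(ts, external src)]
    outbound = defaultdict(list)  # internal host -> [(ts, external dst)]
    for ts, src, _, dst, dport in flows:
        if is_internal(src) and not is_internal(dst):
            outbound[src].append((ts, dst))
            if dport == AIM_PORT:
                aim_hosts.add(src)
        elif not is_internal(src) and is_internal(dst):
            inbound[dst].append((ts, src))
    suspects = {}
    for host in aim_hosts:
        pairs = {(a, b) for ta, a in inbound[host] for tb, b in outbound[host]
                 if 0 <= tb - ta <= relay_window and a != b}
        if pairs:
            suspects[host] = sorted(pairs)
    return suspects
```

A host that only uses AIM (10.0.0.8) or only accepts inbound connections (10.0.0.12) is not flagged; only the host showing both indicators is.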