W32.Botou


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreading
Spreading: moderate
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 11 Feb 2008
Damage: Low

Characteristics: The W32.Botou program is a backdoor worm that continuously copies itself to every drive present on the compromised computer. Once it is on the computer, it may also change system settings.

More details about W32.Botou

The W32.Botou program affects Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003 and Windows 2000. It is a backdoor worm that continuously copies itself to every drive present on the compromised computer. Once it is on the computer, it may also change system settings. On each drive you may see a copy of the program at "%currentfolder%\[FOLDER NAME].exe". It disguises itself and keeps itself hidden on the computer so that detection is more difficult: it saves itself with the standard Windows folder icon, so that it looks like a folder. All files dropped by this worm tend to be hidden and hard to detect. As part of its operation, it also configures Windows not to display hidden files and to hide file extensions, so that the ".exe" suffix of its copies is not shown.
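The two tricks described above (an executable named after a folder and carrying a folder icon, plus Explorer configured to hide hidden files and file extensions) can be checked for from the defender's side. The following is an added example, not code from the original entry: it scans a directory tree for .exe files that borrow a directory's name, and evaluates the two Explorer settings that govern the behaviours the entry describes. The two on-disk placements it checks are assumptions about how the `%currentfolder%\[FOLDER NAME].exe` template is realised; the registry value names `Hidden` and `HideFileExt` under `Explorer\Advanced` are standard Windows Explorer settings, not values taken from this entry. The sample directory layout is constructed for the demo.

```python
"""Added example (not from the original entry): defender-side checks for the
folder-icon masquerade and the Explorer settings described above."""
import os
import sys
import tempfile

# Standard Explorer settings (not taken from the entry) that control the two
# behaviours the worm is said to change:
#   Hidden:      1 = show hidden files, 2 = do not show hidden files
#   HideFileExt: 1 = hide extensions of known file types, 0 = show them
EXPLORER_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"


def find_folder_masquerades(root):
    """Return .exe files that borrow a directory's name.

    Two placements are checked; both are assumptions about how the
    %currentfolder%\\[FOLDER NAME].exe template appears on disk:
    - <dir>\\<sub>.exe sitting beside a sub-directory called <sub>
    - <dir>\\<dir name>.exe sitting inside the directory it is named after
    """
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        sibling_dirs = {d.lower() for d in dirnames}
        parent_name = os.path.basename(dirpath).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe":
                continue
            if stem.lower() in sibling_dirs or stem.lower() == parent_name:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def explorer_settings_suspicious(hidden, hide_file_ext):
    """Flag the Explorer state the entry describes: hidden files not shown
    (Hidden == 2) and known extensions hidden (HideFileExt == 1)."""
    findings = []
    if hidden == 2:
        findings.append("Hidden=2: hidden files are not displayed")
    if hide_file_ext == 1:
        findings.append("HideFileExt=1: known file extensions are hidden")
    return findings


def read_explorer_settings():
    """Read the live Explorer values on Windows; return None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg  # only available on Windows
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, EXPLORER_KEY) as key:
        hidden, _ = winreg.QueryValueEx(key, "Hidden")
        hide_ext, _ = winreg.QueryValueEx(key, "HideFileExt")
    return hidden, hide_ext


def build_sample_tree():
    """Constructed directory layout for the demo (empty files, not real malware)."""
    root = tempfile.mkdtemp(prefix="botou_demo_")
    os.makedirs(os.path.join(root, "Photos"))
    os.makedirs(os.path.join(root, "Work", "Reports"))
    # Benign: an installer whose name matches no directory.
    open(os.path.join(root, "Work", "setup.exe"), "w").close()
    # Suspicious: executable sitting beside the folder it impersonates.
    open(os.path.join(root, "Photos.exe"), "w").close()
    # Suspicious: executable inside the folder it is named after.
    open(os.path.join(root, "Work", "Reports", "Reports.exe"), "w").close()
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for path in find_folder_masquerades(sample_root):
        print("masquerade candidate:", path)
    live = read_explorer_settings()
    if live is not None:
        for finding in explorer_settings_suspicious(*live):
            print("explorer setting:", finding)
```

Run it against a drive root (for example `find_folder_masquerades("D:\\")`) to list candidates for manual review; a match is a lead, not proof, since legitimate programs are occasionally named after a neighbouring folder. The settings check only reports the hidden-file and extension state, which is also the state an operator would restore after removal.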

The W32.Botou program is capable of connecting to remote file servers to download and execute various types of illicit files and programs. These may include adware and spyware programs, other worms, downloader Trojans, backdoor Trojans and other viruses. All of these components are installed silently on the user's computer, and the presence of additional malware makes the system unstable. Some of the components added by this program are capable of gathering information such as the user's PII (Personally Identifiable Information). Details about the affected computer can also be collected, including the operating system, the IP (Internet Protocol) address and the amount of RAM (Random Access Memory). This information can then be used to mount further attacks against the system.