W32.Bratsters


Aliases: W32/Bratster, Wnipsvr.exe, W32.Bratsters [Symantec] Trojan-Downloader.Win32.Delf.bor [Kaspersky Lab] New Malware.ey [McAfee] Mal/Packer, Mal/EncPk-BW, Mal/Basine-C, Mal/Behav-160 [Sophos] Trojan-Spy.Win32.Banker [Ikarus] Win-Trojan/Xema.variant [AhnLab] packed with UPack [Kaspersky Lab]
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreading
Spreading: slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 25 Jul 2007
Damage: Low

Characteristics: This worm attacks all the drives of the compromised computer. The worm will infect Windows systems namely Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003 and Windows 2000. This usually appears as a dropped file from another malware or has been downloaded by the user in the Internet.

More details about W32.Bratsters

This worm targets all drives and automatically downloads malicious file on to the infected computer. This usually appears as a dropped file from another malware or has been downloaded by the user in the Internet. If the worm successfully copies itself in the compromised computer, it will save a file named wnipsvr.exe and perefic.ini in the System folder. It also creates a registry and automatically loads every computer start up. This registry enables the worm to download malicious files from the list of predefined websites. From the list of available drive in the compromised computer, it may also create hide.exe and autorun.inf files. The worm also uses [http://]cao.ganbibi.com and [http://]bratsersrock.com] website to download files from the Internet. It will create filenames such as Programfiles100.exe.

When active in the compromised computer system, the threat may be used to steal critical personal and system information. It is widely believed that it may implement functionalities that are inherent in other types of security risks like adware, spyware, data miners, and hack tools.