W32.Bumper.Worm


Aliases: I-Worm.Bumper [AVP], Troj/Bumper [Sophos], WORM_BUMPER.A [Trend], W32/Bumper [McAfee], Win32.Bumper [CA]
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: dormant
Spreading: slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 20 Aug 2001
Damage: Low

Characteristics: The W32.Bumper.Worm program uses Microsoft Outlook and it automatically sends itself to all the contacts of your computer Windows address book.

More details about W32.Bumper.Worm

The W32.Bumper.Worm program is another worm that uses IRC channels in spreading and multiplying itself. It also uses Microsoft Outlook and automatically sends itself to all the contacts of your computer Windows address book. It contains the following on its subject: “Hey! Let's see how smart you are” or “Check out the new IQ test! Let's see if you are smart enough to pass it!” It may also contain the attachment named as sysloader.exe. This is written with Microsoft Visual Basic programming language and compressed with UPX.

This program allegedly affects all Windows Operating Systems namely, Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. This worm copies itself to systems folder and makes a file named C:\%system%\sysloader.exe. It continuously locates the System folder and copies itself to that location. Originally, when Windows is installed to your system, it will be like this: C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP). It also creates Registry entries so that the worm will also start every time you start windows.