Aliases: W32/Burmec Worm
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreading
Spreading: slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: hard
Platform: W32
Discovered: 15 Jan 2007
Damage: medium

Characteristics: The W32.Burmec program targets removable and mapped drives by replicating itself.

More details about W32.Burmec

The W32.Burmec program allegedly creates files with the filename: “C:\2 July '84.txt.” This text contains a message that says “A PIECE OF OUR LIFE WAS HERE FIND THE OTHER......(N).” The program also creates the following files in your computer system folders: ”%Windir%\scvhocst.dll,”%Windir%\drvdata.dll,”%System%\user32.com - a copy of %Windir%\regedit.exe” and “%System%\mmtask.exe.” Other files that this worm may create are MSGSRV32.COM in the Windows folder, DDRAWXP.OXC, KERNEL.VDX, CIRRUSX.OXC, RPCSS.VDX, Msconfig.exe, and regwiz.exe in the Windows System folder and Virtual Girl.com in the Program Files folder. This worm primarily targets windows systems. Thus, a lot of data might be loss if this worm spreads thoroughly in your computer. It also changes system registries. If it successfully attached itself to system folders, it will lower security settings and disable antivirus programs. And so, your computer will be more susceptible to other virus as well.

The application is normally distributed to various networks via spam email messages that contain the trigger file as attachment. The file attachment is usually in a compressed format possibly as an attempt to complicate its detection. The sender address of the email is most probably spoofed so that it cannot be traced back to the attacker. According to majority of anti-virus vendors, this security risk is one of the more difficult to remove from an infected system.