W32.Cassel


Aliases: W32.Cassel, W32Generic!worm (McAfee), W32Generic!worm (McAfee), Worm.Win32.VB.gd (Kaspersky Lab)
Variants: W32/SillyFDC-AK [Sophos]

Classification: Malware
Category: Computer Worm

Status: active & spreading
Spreading: moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: easy
Platform: W32
Discovered: 06 Jul 2007
Damage: medium

Characteristics: Once clicked or opened, the W32.Cassel program creates Lcass.exe in the Windows System folder. It also alters windows registries in order for it to run during each Windows start up.

More details about W32.Cassel

The primary goal of this file is to spy on the Web activities of the victim, record the information, and transmit it to the website of the intruder. It is possible that this hacker would sell the information to those who would want to display their pop-up ads on the victim’s computer screen. The products and nature of the ads would be tailored to the specific preferences of the victim. It is believed that the primary spying tool of the W32.Cassel program is put into action as a shell extension and is therefore closely linked to explorer.exe. According to some experts, if the victim attempts to erase this spyware while explorer.exe is active, it will be alerted and will try to reinstall itself, thus, making it quite difficult for the user to eliminate this nuisance program.

According to some users, this malware downloads unwanted files that contain the various ads that it will display. The files, sometimes, also contain updates. This malicious program also makes modifications to the System Registry to allow it to be included in the list of programs that automatically start when the system is started. It is believed that the W32.Cassel program injects a DLL file into the browser program. This DLL file functions as a Browser Helper Object (BHO) that redirects the browser to the sites of some of the intruder’s clients. This BHO may also function as spyware that takes note of the sites the victim is visiting and the actions taken.