W32.Culler.A


Aliases: IM-Worm.Win32.VB.au
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreadings
Spreading: moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: hard
Platform: W32
Discovered: 23 Feb 2007
Damage: Low

Characteristics: The W32.Culler.A application is another worm that infects and spread through the use of MSN Instant Messenger. MSN Messenger is an instant messenger program. This worm uses this platform to send and drop a variant of this worm named “W32.Culler.A.” Once the virus is currently installed in your computer, the worn multiplies itself to the system directory as well as to several shared directory of P2P application

More details about W32.Culler.A

This program propagates via MSN Messenger. Upon downloading, the W32.Culler.A application is automatically installed. This application makes copies of itself from one computer to another. Its file name and extension may be that of a legitimate file. Once this application is dropped into a system, it may replace legitimate files. Its running processes are hidden from the process tree. It runs silently as a background process. This program creates a startup registry in the Windows folder such that it can be activated each time Windows reboots. It may be installed via different process names.

The W32.Culler.A application may drop additional malware programs in the user’s system directory. It can also monitor the tracking habits of the user and capture keystrokes. Thus, this software can also steal sensitive data such as personal information and financial data. Moreover, this application can function as a proxy server. It is capable of allowing remote influence from third parties. This means that a remote user may run, alter and download various files on the compromised system without the user’s knowledge and consent.