Aliases:  W32.Falgna
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 18 Jan 2007
Damage: Medium

Characteristics: W32.Falgna is a worm that anonymously steals information from the compromised computer’s system. As such, it automatically talks to a remote attacker to have unauthorized access in the compromised computer. It is also known as Backdoor.Amitis.C. This worm also creates tons of files that are insignificant yet damaging.

More details about W32.Falgna

Files come from different filenames, such as: MSINSCK.OCX, Rtmp.bat, Rtemp.bat, Rtmp.scr, ALMV.exe, DLMVT.exe, DLMVD.exe, DLMVX.exe, DLMVP.exe, RCS.exe and Rtmp.log located in windows system folders. Whilst on the removable drives, users may see Autorun.inf, ALMV.exe, MVH.exe and MVS.exe. The autorun file contains a command to start the worm when the removable drive is already connected to the system. As it multiplies, it takes up space and this space becomes unusable while memory space is also lessened.

The W32.Falgna program allegedly incorporates a stealth design allowing it to initiate its activity in the background to avoid detection. Some claimed that this malware is capable of modifying and adding values and entries onto the Windows Registry to allow it to load during Windows startup, disable installed security programs, and hijack the basic functions of the machine. This program may be acquired when clicking on random pop-ups and banners on unsolicited sites on the Web. There is a high potential for this malware to be disguised as a legitimate program to trick users into downloading and installing it on their system.