W32.Falsu.A


Aliases: WORM_FALSU.A, Incef.A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 31 Jul 2005
Damage: Low

Characteristics: W32.Falsu propagates through email with variable characteristics, peer-to-peer file-sharing programs, Internet Relay Chat, and network file sharing. It creates a subfolder named “shared” inside the Windows folder and then copies itself into that subfolder. What sets this virus apart is that it does not just use the file-sharing application to spread but also modifies its settings. This ability increases its power to spread easily and quickly on the compromised computer.

More details about W32.Falsu.A

This virus is said to drop the following files on the system: WinExec.exe, lesbians_fucking.mpg.exe, porn_password_collection.exe, aim_hack.exe, msn_crack.exe, icq_hack.exe, WarDialer.exe, porn_video.mpg.exe, pedo_brazilian_kids.mpeg.exe, Delphi_7_Crack.exe, gta3_trainer.exe, blue_beep.exe, ftp_crack.exe, XP_keygen.exe, PS2_emulator_bleem.exe, win2k_pass_decryptor.exe, brazil_blond_XXX.exe, warcraft3_invisible_trainer.ex, invisible_IP.exe, Delphi_2005_Keygen.exe, commad.pif, srvwin.scr, WinUpdate.exe, Winsys.exe, C:\commando.exe, C:\comand.scr and Delphi_9_Keygen.exe. The effect is to fill the computer with garbage, that is, files that are malicious, damaging, and of no use to the system. As the worm multiplies, its copies take up disk space that becomes unusable, and available memory is reduced as well.
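The "shared" subfolder and the dropped file names described above can be turned into a simple triage check. The following is an added example, not code from the original page: it walks a directory tree and flags files whose names match a subset of the names listed here, or that carry a media extension followed by an executable one. The function names, the extension lists and the temporary directory tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Subset of the dropped file names listed on this page (compared case-insensitively).
KNOWN_NAMES = {n.lower() for n in (
    "WinExec.exe", "WinUpdate.exe", "Winsys.exe", "srvwin.scr", "commad.pif",
    "commando.exe", "comand.scr", "aim_hack.exe", "msn_crack.exe", "XP_keygen.exe",
)}

# Assumed heuristic: a media/document extension directly followed by an
# executable one, the pattern several of the listed names share (".mpg.exe").
DOUBLE_EXT = re.compile(r"\.(mpg|mpeg|avi|jpg|mp3|txt|doc)\.(exe|scr|pif|com)$", re.I)


def classify(filename):
    """Return why a file name is suspicious, or None if it is not flagged."""
    if filename.lower() in KNOWN_NAMES:
        return "known-name"
    if DOUBLE_EXT.search(filename):
        return "double-extension"
    return None


def scan(root):
    """Walk root; return sorted (relative_path, reason, inside_shared_folder) hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        in_shared = os.path.basename(dirpath).lower() == "shared"
        for name in files:
            reason = classify(name)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((rel.replace(os.sep, "/"), reason, in_shared))
    return sorted(hits)


def demo():
    """Scan a constructed tree (empty placeholder files) standing in for a Windows folder."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "shared"))
        for rel in ("shared/clip.mpg.exe", "shared/XP_keygen.exe",
                    "Winsys.exe", "notepad.exe", "holiday.mpg"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        return scan(root)


if __name__ == "__main__":
    for rel, reason, in_shared in demo():
        print(f"{rel}\t{reason}\tshared={in_shared}")
```

A name match is only a lead for further inspection, since generic names such as WinUpdate.exe can also belong to unrelated software.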

This program contains hidden functionality similar to that of several types of malicious programs, such as spyware, malware, adware, hacks, data mining and even a Remote Administration Tool (RAT). This worm is said to be capable of creating a backdoor that lets a hacker gain access to the computer and eventually control its functions. The program allows the hacker to perform almost any action desired from a remote server. The hacker can modify or delete files, run programs, restart the computer and make the computer participate in Denial of Service (DoS) attacks.