Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 02 Jan 2007
Damage: Low

Characteristics: On January 2, 2007, a worm that tries to spread by creating a copy of Infostealer via file-sharing applications was discovered. This worm is W32.Formshared.A. The infostealer that is copied by this worm is a generic detection for Trojan horse programs usually tries to steal important information. This worm primarily infects Windows systems.

More details about W32.Formshared.A

This worm performs several actions in propagating. First, it copies itself to %Windir%\checkers5.exe and adds a value to the system registry subkey. Then, the worm creates a folder which is %Windir%\Shared. It also creates a number of files with the .zip extension. These files contain an Infostealer. This means that sensitive information can be stolen such as the password and bank account details. After randomly selecting a name for the .zip file, the worm registers its file-sharing application to several servers. Hence, propagation of the worm is successfully installed.

The W32.Formshared.A software uses an idle system port. It opens this to connect to the Internet. The backdoor is used to connect to a remote server. The program will then wait for commands. These are commonly executed in the computer without the user’s consent. Files and programs in the infected system may be changed unexpectedly. The webcam or CD drive can be opened and closed. The user’s activities can be recorded using a keylogger function. Gathered data can be sent to a remote server.