W32.Gaut.A


Aliases: W32/AutoRun-XE
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 07 Nov 2008
Damage: Medium

Characteristics: W32.Gaut.A is a worm that propagates and attacks a lot of files on both local, shared and removable drives and downloads other threats. It uses a “Autorun.inf” file which will start its infection process every time the infected drive is accessed. As such, the worm may corrupt an infected file and this also contains a patch that will also spread the worm. It makes use of instant messaging applications such as Googletalk and Yahoo Messenger. This worm automatically gathers all contacts from a list in Googletalk and Yahoo Messenger to send spam messages with a link to worm.

More details about W32.Gaut.A

The message contains the following: Now search your google in a HYBRID\DYNAMIC way...Hey what are you doing Please test my new webcam using private application...The wisest mind has something yet to learn...Hey Please help me to test my new cam application...ok thats fine Waiting for you, view my private cam via secured connection...Happiness is not a destination. It is a method of life... View my private cam via secured connection... If you want truly to understand something, try to change it...asl please I am 23 Female, Delhi (India) and you?” The link should not be opened, clicked on or even executed for the worm will start spreading itself on the compromised computer. It also contains backdoor and remote capabilities. It automatically downloads more harmful files from the Internet without authorization from the compromised computer. The files are stored and created at several local folders, shared, network and removable drives. Files that can be seen are autorun.ini, chrome.exe, C:\Windows\chrome.exe, New Folder.exe and add C:\WINDOWS\Tasks\At1.job. All platforms of windows are vulnerable to this worm, may it be Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP.

Security experts claim that the presence of the W32.Gaut.A worm in the computer could produce the undesirable changes and effects such as making security software inoperative thus opening the computer to more risks. This worm may also facilitate the opening of unwanted network connections and allow the injection of more malware into the system. This worm is also responsible for the transmission, sharing and collection of personal and confidential user information without the knowledge and consent of the user. Users also experience a marked deterioration in system speed and performance since the program alone consumes excessive amounts of system memory.