W32.Hunch.C@mm


Aliases: Bloodhound.W32.VBWORM, Email-Worm.Win32.Hunch.C, W32/Hunch-C, I-Worm/Hunch.C, WORM_HUNCH.C
Variants: Worm:Win32/Hunch.C@mm, W32/Hunch.c@MM, Hunch.C Internet Worm

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 10 Apr 2002
Damage: High

Characteristics: Considered by many computer experts to be one of the more destructive Worms in the computer industry, it is known for deleting various file formats such as DLL, OCX, and SYS, among others. These files are normally stored in a single folder on the main hard drive. W32.Hunch.C@mm is a mass-mailing Worm variant whose dangerous payload attempts to format the main hard drive of the infected computer system.

More details about W32.Hunch.C@mm

Consistent with the characteristics of mass-mailing Worms, W32.Hunch.C@mm harvests email addresses from the address book of the operating system's default email client. It sends a spiked email message to all the contacts, using a variably named subject and file attachment. When executed on the compromised computer system, it displays a pornographic image on the screen. W32.Hunch.C@mm then searches for a specific folder on the main hard drive, where a number of file formats are completely deleted. This routine makes it impossible to restore the machine to a previous state. The Worm creates a copy of its code in the same directory as the operating system, usually with the EXE file extension.

The Windows Registry is modified by W32.Hunch.C@mm to include a new key value that allows it to load automatically at system boot-up or at every restart. Using a predetermined list of file formats, W32.Hunch.C@mm scans the computer system for these files and randomly deletes five instances of every file format. The malware keeps a log of the deleted files in a text file. W32.Hunch.C@mm also modifies the batch file of the operating system to deliver its payload, which is to initiate a reformat procedure on the next boot-up.
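The following triage check is an added example, not part of the original write-up. It scans collected artifacts for the two persistence and payload traces described above: an autostart entry pointing at an EXE directly inside the operating system directory, and a batch-file line that invokes FORMAT on a drive. The write-up names neither the registry key nor the batch file, so the HKLM Run key export, the startup batch file, the `C:\WINDOWS` default and all sample entry names are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed sample artifacts for illustration (not from a real infection).
# Assumed sources: an export of the HKLM Run key and the startup batch file.
SAMPLE_REG = r'''[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"AVScan"="\"C:\\Program Files\\AV\\scan.exe\" /boot"
"updater"="C:\\WINDOWS\\example_copy.exe"
'''
SAMPLE_BAT = """@echo off
rem disabled: echo y | format c:
echo Loading drivers
@echo y | format c: /q
"""

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"\s*$')
TARGET = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.I)
FORMAT_CMD = re.compile(r'(?:^|[|&])\s*@?\s*format(?:\.com)?\s+[a-z]:', re.I)

def run_entries(reg_text):
    """Yield (name, command) for each string value in a .reg export."""
    for line in reg_text.splitlines():
        m = REG_VALUE.match(line.strip())
        if m:
            # Undo .reg escaping: \\ becomes \ and \" becomes "
            yield m["name"], re.sub(r'\\(.)', r'\1', m["data"])

def exe_in_windir(command, windir=r"C:\WINDOWS"):
    """True if the autostart target is an .exe directly inside windir."""
    m = TARGET.match(command)
    target = (m.group(1) or m.group(2)) if m else ""
    return (target.lower().endswith(".exe")
            and ntpath.dirname(target).lower() == windir.lower())

def format_lines(bat_text):
    """Return batch lines that invoke FORMAT on a drive, skipping comments."""
    hits = []
    for line in (l.strip() for l in bat_text.splitlines()):
        if line.lstrip("@ ").lower().startswith(("rem ", "::")):
            continue
        if FORMAT_CMD.search(line):
            hits.append(line)
    return hits

def triage(reg_text, bat_text):
    """Combine both checks into a list of human-readable findings."""
    hits = [f"autostart: {n} -> {c}" for n, c in run_entries(reg_text) if exe_in_windir(c)]
    return hits + [f"batch: {l}" for l in format_lines(bat_text)]
```

Calling `triage(SAMPLE_REG, SAMPLE_BAT)` flags the `updater` entry and the live FORMAT line while ignoring the commented-out one; a hit is a lead for manual review, not proof of infection.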