W32.Imspread.Gen


Aliases: W32/Imspread.Gen
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active and Spreading
Spreading: Slow
Geographical info: North America, South America, Asia, Europe, some parts of Africa and Australia
Removal: Easy
Platform: W32
Discovered: 27 Mar 2008
Damage: Low

Characteristics: W32.Imspread.Gen is a standalone IM (instant messenger) worm. The name is a generic detection for a family of worms that spread via instant messaging applications, including Yahoo!, MSN, AOL and ICQ, to name a few. The worm is capable of opening a back door on the compromised machine and dropping additional security threats, which decrease the system's performance. The most infamous IM worms include NewPic, Choke and Coolnow.

More details about W32.Imspread.Gen

When the W32.Imspread.Gen worm is executed, it attempts to find the address book of an instant messaging application installed on the target machine, and then attempts to send its code to all the contacts it has gathered. The worm supposedly uses social engineering tactics, sending infected messages that goad users into executing the worm's copies on their computer system. It also copies itself on the infected machine. W32.Imspread.Gen then lurks silently and waits for a connection to the Internet to be established. When it detects an Internet connection, it opens a back door and attempts to download potentially dangerous files to the system. These files are downloaded from a website that is predefined by the worm's remote author.

The W32.Imspread.Gen worm is said to have backdoor functions. The opening created by the program allows remote users to gain unauthorized access to the computer's resources. An unauthorized remote user may also send instructions to the computer through the ports opened by the application. These remote commands may include deletion of files, modification of system settings and termination of running processes. The remote instructions are sent via Internet Relay Chat (IRC) channels.
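
Because the remote instructions described above travel over IRC channels, one network-side check is to look for an IRC client registration followed by a channel join in outbound traffic from workstations, whatever the port. The Python code below is an added example, not part of the original write-up: the flow record layout, the addresses, the nickname and the channel name are constructed for illustration, and the command names are those of the IRC protocol (RFC 1459 / RFC 2812).

```python
import re

# Client commands from the IRC protocol (RFC 1459 / RFC 2812). A client must
# send NICK and USER to register before it can JOIN a channel.
IRC_LINE = re.compile(
    rb"^(?::\S+ )?(PASS|NICK|USER|JOIN|PRIVMSG|PING|PONG)\b(?: (.*))?$", re.I)

def irc_commands(payload: bytes):
    """Yield (command, params) for each IRC-looking line in a payload."""
    for line in payload.split(b"\n"):
        m = IRC_LINE.match(line.rstrip(b"\r"))
        if m:
            yield m.group(1).decode().upper(), (m.group(2) or b"").decode("latin-1")

def find_irc_sessions(flows, allowed_hosts=frozenset()):
    """Flag flows where the client registered (NICK + USER) and joined a channel.

    The destination port is reported but not used as a filter, so IRC on a
    non-standard port is still caught. allowed_hosts lists sources that are
    expected to run an IRC client.
    """
    alerts = []
    for f in flows:
        cmds = list(irc_commands(f["payload"]))
        if not {"NICK", "USER", "JOIN"} <= {c for c, _ in cmds}:
            continue  # e.g. FTP sends USER/PASS but never NICK or JOIN
        if f["src"] in allowed_hosts:
            continue
        channels = [ch for c, p in cmds if c == "JOIN" and p.split()
                    for ch in p.split()[0].split(",")]
        alerts.append({"src": f["src"], "dst": f["dst"],
                       "dport": f["dport"], "channels": channels})
    return alerts

# Constructed sample flows (client-to-server bytes only); not real traffic.
SAMPLE_FLOWS = [
    {"src": "10.0.0.23", "dst": "203.0.113.7", "dport": 8080,
     "payload": b"NICK host4821\r\nUSER host4821 0 * :x\r\nJOIN #updates\r\n"},
    {"src": "10.0.0.31", "dst": "203.0.113.9", "dport": 21,
     "payload": b"USER anonymous\r\nPASS guest@example.com\r\n"},
    {"src": "10.0.0.40", "dst": "203.0.113.12", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"},
]

if __name__ == "__main__":
    for alert in find_irc_sessions(SAMPLE_FLOWS):
        print(alert)
```

Only the first constructed flow is flagged: the FTP login shares the `USER` and `PASS` verbs with IRC but never sends `NICK` or `JOIN`, and the HTTP request matches nothing.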