W32.Iretsim


Aliases: W32/Iretsim
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active and Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 31 Oct 2007
Damage: Low

Characteristics: The worm W32.Iretsim is capable of spreading its code by copying itself to all available removable drives found in the compromised computer. This worm is likewise reported to terminate processes that it detects as security related so that it will not be detected. This security risk may also open up a backdoor in the infected machine which will be used by its remote master for various malicious purposes.

More details about W32.Iretsim

Once this security threat is run in the victim machine, it will create a host of files with various file extensions such as .exe, .scr, .lnk, .pdf, .pif and .dll. The worm will also create plenty of registry entries and alter three registry entries to carry out a range of malicious functions. The W32.Iretsim worm will then proceed to end a host of security related processes to avoid early detection. The worm will target processes with the strings ‘task manager’, ‘avg’, ‘avast’, etc. If the security related processes cannot be terminated by the worm, it will then attempt to hide them. This worm can be contracted by clicking links on infected websites, opening infected attachments from spam emails, downloading shareware and free software or by using P2P networks such as KaZaa and Limewire.

The W32.Iretsim worm may also be obtained through other distribution methods such as e-mail, peer-to-peer (P2P) file sharing networks, websites with drive-by download scripts and freeware and shareware programs. The installation procedure of the application does not require the user’s consent. The W32.Iretsim worm utilizes rootkit tools to function stealthily on the computer. The rootkit function renames the files used by the application to appear as legitimate Windows processes. It may also disable active security features of the computer such as personal firewalls and anti-malware tools.