W32.Jumpred.A


Aliases: IRC-Worm.Win32.Jupir.a, W32/Jupir-A, WORM_JUMPRED.A, IRC/Fruzhen.2, W32/Jupir.A@irc 
Variants: W32/Edor.worm, Win32.HLLW.Eudor

Classification: Malware
Category: Computer Worm

Status: Active and Spreading
Spreading: Slow
Geographical info: South and North America, Europe, Asia
Removal: Easy
Platform: W32
Discovered: 13 Feb 2007
Damage: Low

Characteristics: The worm W32.Jumpred.A is capable of spreading via IRC channels by using the client MIRC. This worm is also able to copy itself to the drive A:\ and to file sharing networks. The file sharing networks include KaZaa, Grokster, iMesh and Limewire. This worm can copy itself to the drive A:\ as a .com file every 5 seconds. It will likewise try to create copies of its code in KaZaa’ download folder.

More details about W32.Jumpred.A

Upon execution of the W32.Jumpred.A worm in the affected system, it will create copies of itself in the com, bat, pif and exe file extensions. This security risk also adds a value to a predetermined registry subkey so it can run every time Windows starts. It will also add another value to a different registry subkey which will serve as its marker for infection. This malware is also capable of hijacking the start page of the Internet Explorer and then redirecting it to another domain. The worm will also create 2 files; a TXT file that is not malicious and an .INI file that will contain a MIRC client script. It will then begin to send copies of itself to other systems if the MIRC client is opened in the affected system. It will likewise close windows that have the strings Editor del Registro, Calculadora, Documento1 – Microsoft Word and Informacion del sistema de Microsoft.

The W32.Jumpred.A program is usually acquired as a shared file on the local network. The application has the ability to bind itself on unsecured folders available on the network. The installation component of the program is often encrypted on the shell commands of legitimate applications. The installation of the program is initiated once the user executes the corrupted application. The W32.Jumpred.A application may also be obtained through other distribution methods such as e-mail, peer-to-peer (P2P) file sharing networks, websites with drive-by download scripts and freeware and shareware programs. The installation procedure of the application does not require the user’s consent.