Aliases: IRC-Worm.Win32.Kromber, IRC-Worm.Kromber, W32/Kromber!irc, W32/Kromber-A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 06 Oct 2003
Damage: Low

Characteristics: The worm W32.Kromber is a network worm. It spreads though the IRC network. It sends a URL that contains an exploit and runs a script. This script drops and executes a file called browsercheck.exe. When an unsuspecting user visits the URL, a malicious HTML page loads a .php file.

More details about W32.Kromber

The worm W32.Kromber propagates itself though the IRC network by sending a user a link to a Web page. This URL contains an exploit. It also runs a script that drops and runs a file called browsercheck.exe. Once the URL is visited by an unsuspecting user, the HTML page displays a cartoon. This distracts the user from the malicious actions of the file. It also loads a .php file named Drunkchicks.php by using a vulnerability. This file creates and runs the file, C:\Browsercheck.exe.The file C:\Browsercheck.exe uses Dynamic Data Exchange to get the infected user's mIRC client to send the message LOL, followed by the malicious URL. It also sets the topic for both the first and second channel to the malicious URL. If another user clicks on this link, the remote site will be contacted.

High risks of W32.Kromber program are typically installed with no user interaction throughout security utilization, and can relentlessly compromise system safety. These risks open illegitimate network connectivity that use polymorphic techniques to stop security software, self-mutate, modify system files, and install added malwares. These threats may collect and spread Personally Identifiable Information (PII) with no user consent and persistently degrade the stability and performance of the computer.