W32.Lindo


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: N/A
Geographical info: North America
Removal: N/A
Platform: W32
Discovered: 01 Feb 2002
Damage: N/A

Characteristics: W32.Lindo is an email worm that is written in Delphi. Email worms propagate using the Internet. This particular worm propagates as an attached file in an email message. This worm is known to crash if the system does not have an Internet connection.

More details about W32.Lindo

The worm spreads through email. The subject of the email is one of the following: Hola, Mira esto!!, Riete!, riete, sonrie, de risa, mira que comico, and mira esto. The email has an attachment that uses any of the following filenames: Lindodia.exe, Flash.exe, BinLaden.exe, Bush.exe, Comic.exe, Amorloco.exe, Dinosaurio.exe, Matrix2.exe, Reirse.exe, Chiste.exe, Machista.exe, Feminista.exe, and Bushboom.exe. Once executed, it copies itself in the system. Finding one of these processes running in your computer means that is has been infected with the worm W32.Lindo. If the system does not have an Internet connection, the worm crashes. The worm can be removed manually with the aid of an updated antivirus software program. Updating virus definitions enables an antivirus software program to help in completely removing a threat from the system.

The W32.Lindo application is worm software. It enters the system using folders and resources shared with networks. This can include Local Access Networks (LANs) and peer-to-peer (P2P) networks. Operating system vulnerabilities may be used to enter the system. Most worm programs also have lists of common user names and passwords. These can be used to launch a brute-force attack on protected network shares. The software will try all the entries in its list to access the resource. The W32.Lindo program opens an unused system port. It creates a backdoor to connect to an IRC server. The application will then enter an IRC channel. It will appear to others as another logged-in user. The worm software author specified this channel. The application waits to receive commands from logged-in users.