W32.Linkfars


Aliases: W32/Malas-M
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 04 Nov 2007
Damage: Low

Characteristics: W32.Linkfars is a worm. It spreads by copying itself to shared folders, file-sharing application folders, and removable drives. It does this by replacing existing .exe files. It may also create .html files. These files display a message written in Persian.

More details about W32.Linkfars

When the worm is executed, it copies itself as the following files: svchost.exe, MSshare.exe, Soundmax.exe, Update.exe, SexGame.exe, SexScreenSaver.scr, and SexGameList.pif. This worm also creates registry entries so that it executes every time Windows starts. It then creates the mutex b542345 so that only one instance of the worm runs on the system. It copies itself to all fixed and removable drives in an attempt to spread as the file autoply.exe. It also creates the file autorun.inf so that the worm runs whenever the drive is accessed. The worm may create the file Important.htm. The .htm file contains the following text: S A L A M - D O S T E - M A N. The worm may also display Persian text on the taskbar.

The W32.Linkfars program distributes replicates of itself on computers connected to the network. It is often propagated through shared computer resources on the network. It utilizes exploits on the Windows Operating System to spread security threats on the computer without the user’s knowledge. Computers protected with weak passwords are prone to the infiltration of the application.