W32.Losabel


Aliases: W32/Autorun-KQ, Win32:Agent-SIM, Downloader.Generic7.WFV, TR/Crypt.FKM.Gen, Dropped:Generic.Malware.P!dldPk!g.12CFC703
Variants: Virus Profile: Downloader.gen.a!9f401da777d7, W32/Losabel.GL!tr.dldr, Trojan-Downloader.Win32.Losabel.gl, Trojan.DL.Losabel.BM, worm:win32/autorun.kl

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: ASIA
Removal: Easy
Platform: W32
Discovered: 19 Feb 2008
Damage: Low

Characteristics: This malware has been identified as downloading and executing potentially dangerous files from questionable sources on the Internet. W32.Losabel has been known to achieve this by lowering the security protocols of the infected computer system, making it vulnerable to more threats. It has been observed to use fixed and removable storage devices as transport mechanisms to spread its code to other computer systems.

More details about W32.Losabel

When W32.Losabel is activated on a compromised computer system, it extracts executable, information, and Dynamic Link Library files onto the main hard drive of the target machine. These files are normally stored in the same location as the operating system files to give them an air of authenticity. W32.Losabel makes unnecessary and compromising changes to the Windows Registry to activate certain functionality, such as loading automatically on system boot or restart. It has been observed to scan the infected computer system for drives C to Z and to attempt to identify whether each drive is removable or fixed. The worm then proceeds to infect the drives accordingly.

An identified drive becomes the host for an information file and an executable file, which are components of W32.Losabel. As a result, the infection spreads automatically once the drive is accessed by the unwary computer user. W32.Losabel has also been observed to connect to predetermined websites presumably controlled by its malicious author. Numerous executable files are downloaded and arbitrarily launched on the infected machine to negatively affect its functionality. W32.Losabel also terminates security-related services and processes, including the Internet Connection Firewall protection of the operating system.
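
A defender's check for the drive-root pairing of information file and executable described above, as an added example that is not part of the original profile: it parses an information file and lists the programs it would launch, then applies that to the roots of drives C to Z. The file name `autorun.inf` is an assumption inferred from the Autorun aliases (the page does not name the dropped files), and the sample content is constructed.

```python
import os
import re
import string

# Assumption: the page says only "an information file"; autorun.inf is inferred from the aliases.
AUTORUN_NAME = "autorun.inf"
# AutoRun keys that make Windows launch a program when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".dll")

def launch_targets(inf_text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    hits, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key) and any(ext in value.lower() for ext in EXEC_EXT):
                hits.append((key.lower(), value))
    return hits

def scan_drive_roots(letters=string.ascii_uppercase[2:]):
    """Check the roots of drives C to Z (the range the worm scans) for launch entries."""
    findings = {}
    for letter in letters:
        path = os.path.join(letter + ":\\", AUTORUN_NAME)
        if os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                hits = launch_targets(fh.read())
            if hits:
                findings[path] = hits
    return findings

# Constructed sample, not taken from a real infection.
SAMPLE = """[AutoRun]
open = sample.exe
shell\\explore\\command=sample.exe -e
icon=drive.ico
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    print(launch_targets(SAMPLE), scan_drive_roots())
```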