Aliases: Bloodhound.W32.1, W32/MGF, W32.Mafeg.C
Variants: PE_MAFEG.C, Net-Worm.Win32.Magef.11264, W32/Magef.worm, Exploit:Win32/Siveras.E

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, Europe, North and South America
Removal: Easy
Platform: W32
Discovered: 01 Nov 2003
Damage: Low

Characteristics: W32.Mafeg.B belongs to a family of malware known for using poorly protected network shares as a transport mechanism for its code. It is designed to infect Portable Executable (PE) files of the EXE file type. It usually appends its code to the targeted executable file, which increases the file's size by more than four kilobytes.

More details about W32.Mafeg

When W32.Mafeg.B gains access to a vulnerable computer system, it first drops an executable file into the directory that holds the operating system files. The dropped file serves as the malware's main executable. On computer systems based on the NT platform, W32.Mafeg.B normally infects the NT Loader process as well as all the links to the computer user's desktop. This routine may force an error during boot or redirect the links to other target files or resources. W32.Mafeg.B infects executable files by inserting its code into them, turning them into carriers. When an unwary computer user runs an infected executable file, the malware spreads the infection.

W32.Mafeg.B also scans the infected computer system for network shares. When it locates local network shares, it attempts to copy itself to the shared drive. This causes W32.Mafeg.B to run when the computer user accesses the infected drive, a routine used to spread the infection to other network clients. W32.Mafeg.B displays a message box with Chinese text when the month of the system date is divisible by three and the day of the week is either Friday or Saturday.
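
A defender-side check for the indicators described above, added here as an example that is not part of the original entry: it compares a baseline of EXE sizes and hashes against a later scan and reports executables that grew by more than four kilobytes, plus executables that were not in the baseline. The function names, the sample files and the decision to list new files separately are assumptions of this example.

```python
import hashlib
import os
import tempfile

GROWTH_THRESHOLD = 4 * 1024  # the entry reports growth of more than four kilobytes

def snapshot(root):
    """Map every MZ-headed .exe under root to (size, sha256)."""
    seen = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if data[:2] == b"MZ":  # DOS/PE magic; skips non-executables named .exe
                seen[os.path.relpath(path, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return seen

def compare(baseline, current):
    """Return (grown, new): EXEs that grew past the threshold, and EXEs absent from the baseline."""
    grown, new = [], []
    for path, (size, digest) in sorted(current.items()):
        if path not in baseline:
            new.append(path)
            continue
        old_size, old_digest = baseline[path]
        if digest != old_digest and size - old_size > GROWTH_THRESHOLD:
            grown.append((path, size - old_size))
    return grown, new

def demo():
    """Constructed sample: three baseline EXEs, then a small change, a 5000-byte append and a new file."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, payload, mode="wb"):
            with open(os.path.join(root, name), mode) as fh:
                fh.write(payload)
        for name in ("calc.exe", "tool.exe", "setup.exe"):
            write(name, b"MZ" + name.encode() * 500)
        baseline = snapshot(root)
        write("tool.exe", b"\x00" * 100, "ab")       # small change, under the threshold
        write("setup.exe", b"\x00" * 5000, "ab")     # stands in for appended code
        write("dropped.exe", b"MZ" + b"\x00" * 64)   # file that was not in the baseline
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A size threshold alone also matches legitimate software updates, so a hit is a lead for closer inspection rather than a verdict.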