W32.Moulo


Aliases: W32/Moulo.worm, WORM_MOULO.A 
Variants: Worm.Win32.VB.j, Worm:Win32/VB.J, Worm/VB.2.AG, W32/Worcan.A.worm  

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 19 Jun 2003
Damage: Low

Characteristics: The W32.Moulo worm is capable of copying its malicious code to the floppy disk and hard drive of the victim computer. This worm will use the icon of either Microsoft Visual Basic or Microsoft. This action is done by the worm in attempt to mask itself. This security threat also employs a backdoor component which will be used by its remote master to execute instructions to the compromised machine.

More details about W32.Moulo

When executed in the target machine, this security risk will copy itself as an executable file. It will also alter the registry by adding a value to a specific registry key so that its code will run once the operating system starts. The backdoor component used by the W32.Moulo worm’s author can be used for a variety of malicious tasks. These tasks include setting up a proxy server and logging all of the keystrokes of the user as they are entered. This worm can also be used by the remote master to include the system in DDoS or distributed denial of service attacks. It can likewise run and download files which may contain the malware’s updated version and pose as an email relay that will allow other hackers to route email messages.

This worm may likewise be used to stop, start or list services and processes currently running in the machine and reroute HTTP traffic to other websites. In addition, the worm can be used for modifying, executing and deleting entire folders and files. The W32.Moulo application replicates and distributes itself to computers connected to the network. The program is classified as an Internet Relay Chat (IRC) worm. Unsecured systems and computers on the network protected by weak passwords are prone to the infiltration of the W32.Moulo application. The program binds itself to the network shares to propagate to other computers within the network.