W32.Mysamurai


Aliases: W32/MySamurai
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active and Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 02 Sep 2007
Damage: Low

Characteristics: The W32.Mysamurai worm spreads by copying its code to shared drives that it locates on the compromised computer system. This worm may also be able to open a backdoor on the infected machine. The malware then uses this backdoor to take commands from its remote master.

More details about W32.Mysamurai

Once run on the victim system, the W32.Mysamurai malware will copy itself as files with the file extensions PIF, EXE, CFG, MSD, SYSM, SCR and DLL. It will likewise create a file with the .INI file extension. This file is a photo of a silhouetted samurai. This security threat will also add some configuration information and lines to the system’s desktop.ini file. It will then proceed to create several registry entries so that it will launch along with Windows during startup. This worm will further modify the registry by altering some of the entries to ensure that the desktop’s screensaver is active and ready to

Once the program enters the system, it will place its files in the Windows directory. The executable file is added to the system registry, which allows the worm to run at startup. The W32.Mysamurai program also creates copies of itself in folders shared via peer-to-peer programs. These copies are commonly labeled as popular downloads so that the files frequently appear in other peer-to-peer users' search results.