W32.Niucoft


Aliases: Generic Downloader.x, Mal/Behav-285, Trojan-Downloader.Win32.Bagle, Trojan-Downloader.Win32.Bagle.jr, WORM_BAGLE.VS
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 20 Sep 2007
Damage: Medium

Characteristics: W32.Niucoft is a worm that spreads through self duplication to all drives on the infected computer. It also adds an “iframe” tag into “.htm” files. Altered “.html files” are known and repaired as Trojan.Maliframe!html. This can fill up your computer with files, which are malicious, damaging, and are not important to your computer. As it reproduces, it takes up space. The space becomes unusable when the memory space is lessened.

More details about W32.Niucoft

This causes the computer or system to slow down and crashes. The worst thing is your system may become inoperable. It can sometimes change the boot sector. This could result in the inability of the computer to run. It affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, and Windows XP Operating Systems. Once executed, it will copy a “crsss.exe,” niu.exe” and “autorun.inf” on windows directory folders and removable drives. Registry keys are also modified so that the worm will run every time the window starts. The worm also then removes all files with “.gho” extensions. If it successfully removes these extensions, it will then browse for all .htm files as well as the following files: index.asp, index.php, default.asp, default.php and conn.asp.

The W32.Niucoft program may be used by a remote hacker to control the infected computer. The hacker may use a server to send out commands to the client, which is installed in the victim’s computer. With these tools, the hacker may have almost unlimited control over the compromised machine. The hacker may download unsolicited and unwanted files to the infected computer using the W32.Niucoft program. These files are most probably spying tools or remote controlling tools. After downloading, this program might be commanded to install these files as well. Other malicious programs that this Trojan can download include worms, viruses, adware and Trojans.