W32.Pintae.A@mm


Aliases: W32/Pintae.A Worm, Worm/Pintae.A, W32/Namuki, W32/Vanneo.B.worm, Win32:Gatina-B
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 07 Nov 2006
Damage: Low

Characteristics: W32.Pintae.A@mm was discovered on November 7, 2006. This is a mass-mailing worm that also propagates through network shares. The operating systems this worm mostly affects are Windows 2000, 95, 98, Me, NT, Server 2003 and XP.

More details about W32.Pintae.A@mm

Once W32.Pintae.A@mm is executed, the worm performs several actions to propagate. It arrives as a file attachment to an email. It copies itself as MSKernell.bat under the %UserProfile% folder, AutoRun.bat under %System% and Exit to DosPrompt.pif under %Windir%. On the C$ or D$ share, the worm copies itself as Readme.scr. It then creates a file, info.txt, containing system information including the user name, computer name and SMTP details. The worm adds and modifies values under a system registry subkey. It then emails itself as a file attachment to addresses taken from the Windows Address Book. Finally, the worm can disable several processes believed to be security-related: System Restore, Windows Firewall, Windows Security Center, Windows Task Manager and WinPatrol.
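The dropped-file names above are the most concrete indicators in this write-up, so a responder's first check on a suspect host or a mounted disk image is whether any of them are present. The following script is an added example and is not code from the original write-up or from any vendor; it only uses the file names and folder placeholders listed above. Its function names are made up for this example, it assumes %System% means %SystemRoot%\System32 and that the C$ and D$ administrative shares correspond to the C: and D: drive roots, and the sample directory tree it builds for the demo is constructed, not captured from an infection. Matching is case-insensitive because NTFS and the shares are, and a missing or inaccessible directory is skipped rather than treated as an error.

```python
"""Host check for the file artifacts W32.Pintae.A@mm is described as dropping.

Added example, not part of the original write-up.  The file names and folder
placeholders come from the description; everything else here is an assumption
made for this example.
"""
import os
import tempfile

# (folder placeholder as written in the description, dropped file name)
FILE_INDICATORS = [
    ("%UserProfile%", "MSKernell.bat"),
    ("%System%", "AutoRun.bat"),
    ("%Windir%", "Exit to DosPrompt.pif"),
    ("C$", "Readme.scr"),
    ("D$", "Readme.scr"),
]


def scan_for_artifacts(locations):
    """Return full paths of any indicator files found.

    `locations` maps each placeholder in FILE_INDICATORS to the directory to
    look in (a live host, or a mounted image).  Names are compared
    case-insensitively; directories that are missing, unmounted or
    unreadable are skipped.
    """
    found = []
    for placeholder, filename in FILE_INDICATORS:
        directory = locations.get(placeholder)
        if not directory or not os.path.isdir(directory):
            continue
        try:
            entries = os.listdir(directory)
        except OSError:
            continue  # access denied, drive not ready, etc.
        for entry in entries:
            if entry.lower() == filename.lower():
                found.append(os.path.join(directory, entry))
    return found


def default_locations():
    """Derive directories from this Windows host's environment.

    Assumption for this example: %System% is %SystemRoot%\\System32 and the
    C$/D$ shares are the drive roots C:\\ and D:\\.
    """
    windir = os.environ.get("SystemRoot", "C:\\Windows")
    return {
        "%UserProfile%": os.environ.get("USERPROFILE", ""),
        "%System%": os.path.join(windir, "System32"),
        "%Windir%": windir,
        "C$": "C:\\",
        "D$": "D:\\",
    }


def demo_scan():
    """Build a constructed sample tree in a temp directory and scan it.

    Two indicators are planted (one with odd letter case to exercise the
    case-insensitive match) and D$ points at a directory that does not exist.
    Returns (hits, locations) so the result can be inspected or asserted on.
    """
    base = tempfile.mkdtemp(prefix="pintae-demo-")
    locations = {
        "%UserProfile%": os.path.join(base, "profile"),
        "%System%": os.path.join(base, "system32"),
        "%Windir%": os.path.join(base, "windows"),
        "C$": os.path.join(base, "c_root"),
        "D$": os.path.join(base, "d_root_missing"),
    }
    for key in ("%UserProfile%", "%System%", "%Windir%", "C$"):
        os.makedirs(locations[key])
    # Constructed artifacts: an empty file is enough for a presence check.
    open(os.path.join(locations["%UserProfile%"], "mskernell.BAT"), "w").close()
    open(os.path.join(locations["C$"], "Readme.scr"), "w").close()
    return scan_for_artifacts(locations), locations


if __name__ == "__main__":
    hits, _ = demo_scan()
    print("Demo tree hits:", hits)
    live = scan_for_artifacts(default_locations())
    print("This host:", live or "no W32.Pintae.A@mm file indicators found")
```

Presence of MSKernell.bat, AutoRun.bat or the .pif is a strong signal on its own; Readme.scr at a drive root should be treated as the copy left for other machines that mount the share, so the same check is worth running on every host that reaches that share.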

W32.Pintae.A@mm connects to remote servers and downloads further unwanted content onto the user's computer. These downloaded components are installed silently and may contain malicious code that further weakens the system. The worm enters a computer through gaps in the system's security software and also takes advantage of system exploits to gain a foothold. Reports indicate that exploits are one of the easiest ways to enter a computer without the user noticing.