W32.Poreon.Worm


Aliases: Win32/Kaz.28672
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 14 Jul 2002
Damage: Low

Characteristics: W32.Poreon.Worm first appeared on July 14, 2002. W32.Poreon.Worm is a network-aware worm that spreads by producing a copy of itself using AOLSUCKS.EXE to randomly chosen network shares. This worm mostly affects Windows 2000, 95, 98, Me, NT and XP.

More details about W32.Poreon.Worm

Once W32.Poreon.Worm is executed, the worm produces copies of itself as AOLSUCKS.EXE to network shares as well as Command.exe, Sircam.exe, Norton.exe, Dave.exe, Floppydrive.exe, Scr.scr and Kazaa.exe in drive C. The worm modifies the default value to the system registry key so that the worm runs everytime the Windows starts. The worm also configures itself to execute when .exe, .com and .scr files run. To be able to do that, the worm alters the default values of some system registry keys.

The W32.Poreon.Worm program enters a user’s computer through security exploits. It may unknowingly be downloaded by the user while visiting websites that are not secure. It is stealthily installed on the user’s computer. It does not get the user’s consent before installation. This program is capable of launching at each computer start-up.The W32.Poreon.Worm application is said to place an icon on the computer’s start menu and on the compromised system’s desktop.