W32.Redlofwen


Aliases: W32/Redlofwen.A.worm, Win32/Masha.A
Variants:

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 25 Apr 2007
Damage: Low

Characteristics: W32.Redlofwen is a worm that infects Windows systems. It is a slow infector that causes low damage to an infected computer. It spreads by copying itself to all drives on the compromised computer, including removable and mapped drives. The worm is easy to remove using updated antivirus software.

More details about W32.Redlofwen

The worm W32.Redlofwen spreads by copying itself without infecting other files. It uses different methods of propagation. It exploits vulnerabilities in file formats or applications; the intervention of the user is necessary to make the exploit successful (e.g. opening files, viewing malicious web pages, reading emails, etc.). It also propagates over computer networks by creating copies of itself in mapped drives. Lastly, it uses shared resources, creating copies of itself in shared network resources to which it has access.

When the worm is executed, it creates the files New Folder.exe, Top Pictures.exe, and Windows Explorer.exe. It then creates the same files on all drives, including removable and mapped drives. It also modifies the registry to make sure it loads during startup.
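As an added example (not part of the original write-up or of any vendor tool), the following Python script checks a set of drive roots for the three file names listed above. The function names and the sample directories are constructed for illustration; a file-name match is only an indicator and should be confirmed with an antivirus scan.

```python
import os
import tempfile

# File names the write-up lists as created by the worm on every drive.
# Compared in lower case because Windows file names are case-insensitive.
DROPPED_NAMES = {"new folder.exe", "top pictures.exe", "windows explorer.exe"}


def scan_root(root):
    """Return sorted paths of regular files in `root` that carry a dropped name."""
    hits = []
    try:
        entries = list(os.scandir(root))
    except OSError:
        return hits  # drive not ready, missing, or access denied
    for entry in entries:
        # Only regular files count: a real folder named "New Folder.exe" is not a hit.
        if entry.name.lower() in DROPPED_NAMES and entry.is_file(follow_symlinks=False):
            hits.append(entry.path)
    return sorted(hits)


def scan_roots(roots):
    """Map each root with hits to its matches; all three names together is the strongest signal."""
    report = {}
    for root in roots:
        hits = scan_root(root)
        if hits:
            names = {os.path.basename(h).lower() for h in hits}
            report[root] = {"hits": hits, "full_set": names == DROPPED_NAMES}
    return report


def build_sample(base):
    """Constructed sample: two fake drive roots, one with the dropped names, one without."""
    infected, clean = os.path.join(base, "E"), os.path.join(base, "F")
    os.makedirs(infected)
    os.makedirs(os.path.join(clean, "New Folder.exe"))  # a directory, must be ignored
    for name in ("New Folder.exe", "TOP PICTURES.EXE", "Windows Explorer.exe", "notes.txt"):
        open(os.path.join(infected, name), "wb").close()
    open(os.path.join(clean, "explorer.exe"), "wb").close()  # similar name, not a match
    return infected, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for root, info in scan_roots(build_sample(base)).items():
            print(root, info)
```

On a real system, pass the roots of the fixed, removable and mapped drives (for example `["C:\\", "E:\\"]`) to `scan_roots`.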

When the worm successfully infects a computer, it attempts to stop any processes that contain any of the following strings: virus, Trojan, scan, anti, remove, imen, windows task manager, registry editor, and system configuration utility. The W32.Redlofwen program is also capable of downloading unwanted components onto the system. It uses the Internet connection to access remote websites. The program may add spyware and adware programs, worm applications and other viruses. The compromised system’s free local disk space decreases because of the additional components installed on the computer.