W32.Rispif.A


Aliases: I-Worm.Serab.c, W32/Serab.worm.gen, W32/Serab-C, Win32/Serab.C@mm, WORM_SERAB.C
Variants: W32/Serab.C, Win32:Serab-B, I-Worm/Serab.C, Win32.Serab.C@mm, Worm Generic

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia
Removal: Easy
Platform: W32
Discovered: 19 Aug 2008
Damage: Low

Characteristics: The W32.Rispif.A program is a worm that propagates by duplicating itself to fixed and removable drives from C to Z.

More details about W32.Rispif.A

The W32.Rispif.A program exploits vulnerabilities in the Windows operating system. These vulnerabilities enable the application to open various ports on the computer, including Transmission Control Protocol (TCP) port 135 and TCP port 445. The opened ports allow remote users to gain unauthorized access to the computer. The application installs its core component in the System directory and modifies the system’s registry upon installation, adding a start-up registry key that allows the program to run automatically at every Windows boot. It is compressed with the Ultimate Packer for eXecutables (UPX) runtime packer. The program was first discovered on the Internet on August 19, 2008.

The W32.Rispif.A program spreads across the computer network while dropping malware applications. It can copy itself without the intervention of the remote user, and it can also inject itself into files on the user’s computer. The program opens a hidden port, or backdoor, on the user’s computer. The server component of the program may use the backdoor to connect to a client program located on a remote computer. The remote server can download unsolicited files from the Internet. It is also described as an Internet Relay Chat (IRC) worm. It sends a message to all contact lists found in the instant messaging programs, which include Yahoo! Messenger and MSN Messenger.