W32.Scrapkut


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: South America
Removal: Easy
Platform: W32
Discovered: 28 Feb 2008
Damage: Medium

Characteristics: The W32.Scrapkut program is a worm that propagates through the network of Orkut and downloads files from detachable locations.

More details about W32.Scrapkut

This worm utilizes a “GreaseMonkey” script to spread a scrap to all contacts in the address book of the user. The scrap has a Youtube-like picture that redirects the browser to a URL. The website prompts the computer user to download the flash player of Macromedia for them to play the video. However, the URL is actually pointing to another URL, which is a duplicate of the worm. When downloaded and installed, it shows a message box in Portuguese language saying that the plug-in has been installed. The worm also gets potentially malicious data from other URLs. The worm stores them as “%Windir%\windosremote.exe”, “%Windir%\logservicess.exe”, and “%Windir%\win32chekupdate.exe”. Then, the worm opens a batch file that tries to stop antivirus processes. Then, it opens the file the “%Windir%\win32checkupdate.exe which is the threat.

Among the characteristics of this malware is the disabling of systems or programs. Threats that are capable of doing so are cause for alarm. A number of remote administration tools and Trojans are capable of providing intruders with an access to the users’ computers by means of the Internet for the purpose of initiating restart or shutdown. At times, a number of these threats disable certain applications like anti-virus or security programs by ending the given programs’ running processes.