W32.Secet.Worm


Aliases: I-Worm.generic, W32/Alcop.gen@MM
Variants: WORM_SECET.A, W32/Secet-A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 04 Mar 2002
Damage: Low

Characteristics: W32.Secet.Worm is a mass-mailing worm that sends a copy of itself to every address found in the Microsoft Outlook address book.

More details about W32.Secet.Worm

This worm is able to spread to other systems on its own. Once it enters a system it creates multiple copies of itself and may drop infected files into network shares, so other computers on the same Local Area Network (LAN) can be infected through shared folders or printers. It may also place an initialization (.ini) file on system drives and on removable media; that file is read each time the removable device is connected, which launches the worm, so the device carries the worm to every computer it is plugged into (the behaviour described matches the Windows AutoRun mechanism, which reads an autorun.inf file from the root of a newly connected volume). There are reports that this worm also downloads and installs a backdoor Trojan, which adds to the trouble for the user: a backdoor can expose the infected computer to remote control over the LAN or the Internet, after which the machine can be made to perform actions the user neither authorized nor wants.
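The removable-media step above is the one a responder can check by hand. The following is an added example, not code from the original entry or from any vendor tool: it parses an AutoRun-style configuration file found at the root of a removable drive and reports which program it would launch. The entry describes an ".ini" file; on Windows the file consulted at insertion time is autorun.inf, which uses INI syntax, so both names are checked (an assumption of this example). The sample drive is constructed in a temporary directory, and the file names RECYCLER\setup.exe and photos.ico are hypothetical.

```python
"""
Added example (not code from the original entry): find the executable an
AutoRun-style file on a removable drive would launch. Both autorun.inf and
autorun.ini are checked (assumption); the sample drives are constructed.
"""
import os
import tempfile

AUTORUN_NAMES = ("autorun.inf", "autorun.ini")          # assumption: both spellings
LAUNCH_KEYS = ("open", "shellexecute")                  # keys that run a command
EXEC_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")


def parse_ini(text):
    """Minimal case-insensitive INI parser returning {section: {key: value}}.
    Hand-written AutoRun files use arbitrary casing, so names are lowered."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def find_autorun_target(drive_root):
    """Return a dict describing the launch command, or None when the drive has
    no AutoRun file or the file only sets an icon/label (the benign use)."""
    for name in AUTORUN_NAMES:
        path = os.path.join(drive_root, name)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="ignore") as fh:
            autorun = parse_ini(fh.read()).get("autorun", {})
        for key in LAUNCH_KEYS:
            command = autorun.get(key)
            if not command:
                continue
            # The first token is the program; drop quotes, normalise path separators
            program = command.split()[0].strip('"').replace("\\", os.sep)
            target = os.path.normpath(os.path.join(drive_root, program))
            return {
                "autorun_file": name,
                "command": command,
                "target": target,
                "is_executable": program.lower().endswith(EXEC_EXTENSIONS),
                "target_exists": os.path.isfile(target),
            }
    return None


def build_sample_drive(malicious=True):
    """Constructed sample: a temp directory standing in for a removable drive."""
    root = tempfile.mkdtemp(prefix="usb_")
    if malicious:
        os.makedirs(os.path.join(root, "RECYCLER"))
        with open(os.path.join(root, "RECYCLER", "setup.exe"), "wb") as fh:
            fh.write(b"MZ")  # placeholder bytes, not a real executable
        body = "[AutoRun]\nOPEN=RECYCLER\\setup.exe\nicon=RECYCLER\\setup.exe\n"
    else:
        body = "[autorun]\nicon=photos.ico\nlabel=Holiday pictures\n"
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(body)
    return root


if __name__ == "__main__":
    for flag in (True, False):
        print(find_autorun_target(build_sample_drive(flag)))
```

The parser is deliberately forgiving (mixed case, missing whitespace, comment lines) because a worm-written file will not be well formed, and a strict parser that raises on it is exactly the check that fails when it matters.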

The worm may also enter a system through peer-to-peer (P2P) file-sharing networks, where an infected file is disguised as a popular download. On an infected computer it places copies of itself in the P2P shared folders so that other users download and spread them. W32.Secet.Worm can also spread through network shares; if a shared folder is password-protected, it tries to guess the login. In addition it exploits several Windows vulnerabilities to reach other machines: the remote buffer overflows in RPC DCOM (MS03-026), LSASS (MS04-011) and Plug and Play (MS05-039). Backdoors that other malware has already opened may also be used.
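Login guessing against shares leaves a distinctive trail: a burst of failed network logons from one source, sometimes followed by a success. The following is an added example, not code from the original entry or from any product, that flags that pattern. The log lines are constructed in a simplified key=value form (an assumption of this example); real input would be Security log Event ID 4625 (failed logon) and 4624 (successful logon) with LogonType=3, the network logon type recorded when a client opens an SMB share. The threshold of 5 failures in 60 seconds and the host names are illustrative.

```python
"""
Added example (not code from the original entry): detect share-password
guessing from failed/successful network logon events. The sample log is
constructed; the key=value layout and the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one guessing burst that succeeds (192.168.1.23),
# two slow failures from bob that should not trigger, one interactive logon.
SAMPLE_LOG = """\
2002-03-04T09:58:10 EventID=4624 LogonType=3 Account=alice Source=192.168.1.50 Target=FILESRV
2002-03-04T10:00:01 EventID=4625 LogonType=3 Account=Administrator Source=192.168.1.23 Target=FILESRV
2002-03-04T10:00:02 EventID=4625 LogonType=3 Account=Administrator Source=192.168.1.23 Target=FILESRV
2002-03-04T10:00:02 EventID=4625 LogonType=3 Account=Administrator Source=192.168.1.23 Target=FILESRV
2002-03-04T10:00:03 EventID=4625 LogonType=3 Account=Administrator Source=192.168.1.23 Target=FILESRV
2002-03-04T10:00:04 EventID=4625 LogonType=3 Account=Administrator Source=192.168.1.23 Target=FILESRV
2002-03-04T10:00:05 EventID=4624 LogonType=3 Account=Administrator Source=192.168.1.23 Target=FILESRV
2002-03-04T10:05:00 EventID=4625 LogonType=3 Account=bob Source=192.168.1.77 Target=FILESRV
2002-03-04T10:09:00 EventID=4625 LogonType=3 Account=bob Source=192.168.1.77 Target=FILESRV
2002-03-04T10:13:00 EventID=4625 LogonType=2 Account=carol Source=192.168.1.90 Target=WS12
"""


def parse_event(line):
    """Turn one constructed log line into a dict with a datetime under 'time'."""
    timestamp, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["time"] = datetime.fromisoformat(timestamp)
    return event


def detect_share_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per (source, target) that produced `threshold` or more
    failed network logons inside a sliding `window`. The alert records whether
    a successful network logon followed while failures were still in the
    window, which is the signature of a guessed share password."""
    events = sorted((parse_event(line) for line in log_text.splitlines() if line.strip()),
                    key=lambda e: e["time"])
    recent = defaultdict(list)   # (source, target) -> [(time, account), ...]
    alerts = {}
    for ev in events:
        if ev.get("LogonType") != "3":      # interactive logons are not share access
            continue
        key = (ev["Source"], ev["Target"])
        bucket = recent[key]
        while bucket and ev["time"] - bucket[0][0] > window:
            bucket.pop(0)                   # forget failures outside the window
        if ev["EventID"] == "4625":
            bucket.append((ev["time"], ev["Account"]))
            if key in alerts:
                alerts[key]["failures"] += 1
                alerts[key]["accounts"].add(ev["Account"])
            elif len(bucket) >= threshold:
                alerts[key] = {
                    "source": key[0],
                    "target": key[1],
                    "first_failure": bucket[0][0],
                    "failures": len(bucket),
                    "accounts": {account for _, account in bucket},
                    "success_after": None,
                }
        elif ev["EventID"] == "4624" and key in alerts and bucket:
            # A success while failures are still inside the window: the guess landed
            alerts[key]["success_after"] = ev["time"]
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_share_guessing(SAMPLE_LOG):
        print(alert)
```

Keying on (source, target) rather than on account is deliberate: a worm guessing a share password typically cycles through a short password list against one account, so a per-account lockout counter may never trip, while the per-source burst is unmistakable. The trailing 4624 check separates "noisy but blocked" from "the share is now compromised", which is what decides whether the host at Source must be isolated.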