Aliases: W32/Eightsalone.worm, Win32.HLLW.Aitselom, W32/Esalone-A, Trojan:Win32/Delf.IR, PE_SELOTIMA.A
Variants: W32/Aitselom.A, Delf.S, Trojan.Aitselom.A, W32/Esalone.A.worm, Win32/Delf.IR

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: South America
Removal: Easy
Platform: W32
Discovered: 13 Mar 2005
Damage: Medium

Characteristics: The W32.Selotima.A is a worm that spreads through file sharing networks and attaches itself to .rar and .zip archives.

More details about W32.Selotima.A

When the W32.Selotima.A worm is opened, it duplicates itself as “a:\Readme.txt.exe”, “c:\Readme.txt.exe”, and “%Windir%\daemon.exe”. Take note that “%Windir%” is a variable that submits to the installation folder of Windows. By default, this is C:\Winnt or C:\Windows. The worm drops the files “%Windir%\Infect.drv”, “%Windir%\Infectate.reg”, and “%Windir%\Muerte.drv”. The worm adds a value to the registry key so that the worm opens each time the Windows starts. The worm looks for .rar or .zip files and attaches itself as “Readme.txt.exe” to the archive.

According to various reports, the threat level for the W32.Selotima.A program is high. In general, high risk malware are installed with no user interaction via security exploits, and can cause system security to be severely compromised. These risks may possibly open illegal network links, disable security applications, utilize strategies to self-mutate, and alter system files. In addition, such risks may gather and send personally identifiable information (PII) without the user’s permission and reduce the computer’s stability and performance. It is possible that the W32.Selotima.A program aims to open a big security hole through which malicious spyware and adware can be installed into the computer. It also opens a backdoor that enables the remote attacker to acquire complete control over the comprised computer.