W32.Shakir


Aliases: I-Worm.Lafon.c, W32/Shakirapics.worm!p2p, Win32.HLLM.Generic.165, W32/Shakira-A, Win32/Shakpics.A@mm
Variants: WORM_SHAKPICS.A, Win32:Trojan-gen., I-Worm/Shakirapics, Win32.Shakpics.A@mm, W32/Shakir

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 13 Mar 2003
Damage: Medium

Characteristics: The W32.Shakir program is a threat that is identified as a Mass Mailer. A mailing worm is independent malicious code that multiplies by sending itself by the use of e-mail.

More details about W32.Shakir

The W32.Shakir program is compressed with UPX and is written in the Microsoft Visual Basic programming language.W32.Shakir is a mass mailing worm virus that utilizes MS Outlook to spread itself to all the contacts in the address book of Microsoft Outlook. When W32.Skakir opens, it copies itself as MyLife.pif in the drive C. Then adds the value “Win32” = “C:MyLife.pif”. The worm utilizes MS Outlook to spread itself to all the contacts in the address book of MS Outlook. The worm has code to erase all the files on drives F, E, and D.

The W32.Shakir worm is commonly obtained by unsuspecting users via drive-by download. The installation script of the program is often injected on embedded objects found on unreliable websites. These websites are often related to commercial advertising and adult web portals. A user may unknowingly install the application when the embedded items are clicked. The clickable items may take the form of pop-up windows, web banners and links with pleasing name tags. The W32.Shakir worm program may also be acquired through other distribution methods such as e-mail attachments, peer-to-peer (P2P) file sharing networks, instant messaging tools and freeware and shareware applications. The installation of the program is done without the user’s knowledge.