W32.Sigougou


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 13 Nov 2008
Damage: Medium

Characteristics: W32.Sigougou is a worm that spreads through network shares and mapped drives protected by weak passwords. It tries to disable security-related processes and can download files onto the compromised computer.

More details about W32.Sigougou

W32.Sigougou is a worm that spreads through network shares and mapped drives protected by weak passwords. It tries to disable security-related processes and can download files onto the compromised computer. Once executed, the worm copies itself to “%System%\sbsb.exe” and “%SystemDrive%\sbsb.exe”. It then deletes the original copy of itself and starts executing again from the new location. The worm creates a registry entry so that it runs each time Windows starts. It modifies registry entries to disable Windows updates and Task Manager, and changes further registry entries to prevent particular applications from running.

The worm spreads by copying itself to all mapped and fixed drives and to network shares protected by weak passwords. It creates “%SystemDrive%\AutoRun.inf” files on all mapped and fixed drives and network shares so that it runs whenever the drive is opened. The worm occasionally attempts to download a remote file from “[http://]nb88.cn/ad/list[REMOVED]”. The downloaded files are hidden on the compromised computer. The worm may use a rootkit tool to rename the downloaded files, which allows the additional program to install and run in the background.
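
The drive-root artefacts described above (a copy named sbsb.exe plus an AutoRun.inf that launches it) can be checked for with a short script. This is an added example, not part of the original write-up: the function names are hypothetical, the sample AutoRun.inf content is constructed, and only the file names sbsb.exe and AutoRun.inf come from the description.

```python
import os

WORM_EXE = "sbsb.exe"  # file name given in the write-up
# Constructed sample; the write-up does not show the worm's actual AutoRun.inf.
SAMPLE_INF = "[AutoRun]\nopen=sbsb.exe\nshell\\open\\Command=sbsb.exe\nicon=shell32.dll,4\n"

def autorun_commands(text):
    """Return {key: command} for the launch entries of the [autorun] section."""
    commands, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            key = key.lower()
            # open=, shellexecute= and shell\<verb>\command= all start a program
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                commands[key] = value
    return commands

def check_drive_root(root):
    """Report sbsb.exe and AutoRun.inf entries pointing at it in one drive root."""
    names = {n.lower(): n for n in os.listdir(root)}  # Windows names are case-insensitive
    findings = {"exe_present": WORM_EXE in names, "autorun_hits": {}}
    inf = names.get("autorun.inf")
    if inf and os.path.isfile(os.path.join(root, inf)):
        # latin-1 never fails to decode, so odd bytes cannot abort the scan
        with open(os.path.join(root, inf), encoding="latin-1") as fh:
            cmds = autorun_commands(fh.read())
        findings["autorun_hits"] = {k: v for k, v in cmds.items()
                                    if WORM_EXE in v.lower()}
    return findings

if __name__ == "__main__":
    print(autorun_commands(SAMPLE_INF))
    for letter in "CDEFGHIJKLMNOPQRSTUVWXYZ":  # scan every mounted drive letter
        root = letter + ":\\"
        if os.path.isdir(root):
            print(root, check_drive_root(root))
```

A root that reports `exe_present` together with a non-empty `autorun_hits` matches the propagation behaviour described above; an AutoRun.inf that launches some other program is not flagged.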