W32.SillyDC


Aliases: Generic!atr, Virus.Win32.AutoRun.abt, W32/Imaut-A, W32/YahLover.worm, WORM_VB.FQO
Variants: Worm.Win32.VB.ck, Worm.Win32.AutoRun.ek, Worm.Win32.AutoRun, Worm.Win32.VB.fi, Generic BackDoor.u

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, Europe
Removal: Easy
Platform: W32
Discovered: 04 Oct 2006
Damage: Low

Characteristics: The W32.SillyDC program is a generic exposure that identifies variants of the W32.Silly worms family that multiplies by duplicating itself to removable hardware and can download other nasty applications.

More details about W32.SillyDC

The W32.SillyDC program is a general detection that identifies variants of the W32.Silly worm family that multiplies by duplicating itself to detachable media and can download malicious applications. Once opened, the worm makes a duplicate of itself in the “%System%” or “%Windir%” folder. The W32.SillyDC then changes the registry so that it is opened each time Windows opens. In most cases, the W32.SillyDC utilizes one or more of the loading points to be sure that it opens when you begin Windows. The worm multiplies by duplicating itself to detachable storage devices. When the detachable device is contaminated, the “ZAYLE” string may pop up on the context menu.

The W32.SillyDC worm is often obtained by users while browsing the World Wide Web. The program is often acquired on websites with drive-by download scripts. The installation code of the application is encrypted on embedded objects found on the web page. These clickable items may take the form of pop-up windows, web banners, side bars or links with popular name tags. The user may unknowingly install the program when these embedded items are clicked. Other distribution channels utilized by the application include e-mail, peer-to-peer (P2P) files sharing networks and shareware and freeware programs.