W32.SillyFDC


Aliases: Win32.HLLW.VB.d, W32/Generic.d, Win32.HLLW.Conta.20480, Win32/HLLW.VB.D, WORM_VB.D
Variants: Win32/VB.H, W32/HLLW.VB.D, Win32/HLLW.VB.D

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, Europe
Removal: Easy
Platform: W32
Discovered: 27 Feb 2007
Damage: Low

Characteristics: The W32.SillyFDC program is a generic exposure that identifies variants of the W32.Silly worms family that multiplies by duplicating itself to removable hardware and can download other nasty applications.

More details about W32.SillyFDC

The W32.SillyFDC program is a general detection that identifies variants of the W32.Silly worm family that multiply by duplicating itself to detachable media and can download some other malicious applications. When the worm is opened, it may duplicate itself to the “%System%, “%Windir%”, “%Temp%”, “%UserProfile%”, “%ProgramFiles%”, “%SystemDrive%”, “%CommonProgramFiles%”, and “%CurrentFolder%” folder locations. Making use of the “CALC”, “calc”, “mscalc.exe”, “startupfolder”, “config_”, “startupfolder.com”, and “config_.com” file names with a “.exe” or “.com” extension. The W32.SillyFDC program then scans the computer system to make duplicates of itself in different folders. The W32.SillyFDC program will utilize the existing folder name as its new filename.

For instance, the folder of ABC will have a duplicate of the worm in the folder as “ABC.exe”. The W32.SillyFDC worm may duplicate itself in drives A to drive Z. Then. The worm may append a value to registry keys so that it opens each time Windows begins. The W32.SillyFDC worm may try to duplicate itself to mapped drives and removable drives, as well as making the “[REMOVABLE DRIVE]:\Autorun.inf” file so that the worm opens each time the removable drive is placed to a computer.