Aliases: W32/Generic.d, Win32.HLLW.Simtk, W32/Kedebe-A, Win32/Kebede.A@mm, WORM_KEDEBE.A
Variants: Worm/Kedebe.A.1, W32/Kebede.A@mm, I-Worm/VB.2.BQ, Win32.Kedebe.A@mm, W32/Kedebe.A.worm

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Europe, North America, Asia
Removal: Easy
Platform: W32
Discovered: 08 Apr 2005
Damage: Low

Characteristics: W32.SillyWNSE is a generic detection for variants of the W32.Silly family of worms, which spread by copying themselves to network shares and can infect executable files.

More details about W32.SillyWNSE

When the W32.SillyWNSE worm is executed, it may create a copy of itself in the “%System%” or “%Windir%” folder. W32.SillyWNSE modifies the registry so that it runs each time Windows starts. In many cases, W32.SillyWNSE uses one or more load points to make sure that it runs when Windows starts. The worm spreads by copying itself to network shares, and it can also infect executable files. It may also be capable of copying its components to external storage devices attached to the infected machine. Its rootkit design allows the program to create a hidden file directly on the device, which will then be read by other Windows systems.

According to several users, the W32.SillyWNSE worm may also redirect the victim computer’s Web browser to specified websites or other Internet resources in two ways. First, it could send commands to the Web browser. Second, it could replace system files where Internet URLs are stored. Hackers may use the clicker Trojan to increase the hit count of a specific website for advertising reasons. They may also lead the victim computer to an infected Internet resource, where it will be attacked by other malware, or use the Trojan to organize a DoS attack on a particular website or server.