W32.Slackor


Aliases: MultiDropper-DC, Trojan.MulDrop.310, Troj/Mdrop-DD, TrojanDropper:Win32/Yabinder.2_0, TROJ_YABINDER.20,
Variants: Dropper.Agent.2.U, Trojan.Dropper.Yabinder.2.0, Trojan Horse.AP, Win32/TrojanDropper.Yabinder.C,

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 05 Mar 2003
Damage: Low

Characteristics: The W32.Slackor program is a worm that tries to duplicate itself through Windows NT based networks. When trying to look for computers to contaminate, the worm queries other PCs making use of TCP port 445.

More details about W32.Slackor

The W32.Slackor program is a worm that tries to duplicate itself through Windows NT based networks. When trying to look for computers to contaminate, the worm queries other PCs making use of TCP port 445. The W32.Slackor application is created with the following components: “Cnn3.exe”, “Psexec.exe”, “Abc.bat”, “ips.txt”, “Slacke-worm.exe”, and “Main.exe”. When the “Slacke-worm.exe” opens, it produces a lot of random Internet Protocol addresses. If your computer’s Internet Protocol address utilizes the form “[Addr1].[Addr2].[Addr3].[Addr4]”, then the randomly produced Internet Protocol addresses are in form of “[Addr1].[Addr2].[0-255].[0-255]”.

The W32.Slackor worm program has several modes of installations. The downloader Trojan program may come bundled with other malicious program. It may also infect the computer via drive-by downloads. Drive-by download executes when the user visits unreliable websites with malicious contents.