W32.Slegon


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 28 Jun 2009
Damage: Medium

Characteristics: W32.Slegon is a worm that spreads by copying itself to mapped and removable drives. It can download files onto the compromised computer.

More details about W32.Slegon

W32.Slegon is a worm that spreads by copying itself to mapped and removable drives. It may also download files onto the computer. When the worm is executed, it creates the file “%System%\logon.exe”. It then creates a registry entry so that it runs when Windows starts. The W32.Slegon worm might spread by copying the files “%DriveLetter%\autorun.exe” and “%DriveLetter%\autorun.inf” to mapped drives. The worm then downloads files from the following websites: “[http://]downloadoemsoftware.com/infloat/a51[REMOVED]”, “[http://]joomlaprojects.cn/infloat/a51[REMOVED]”, and “[http://]joomlaprojects.cn/bot[REMOVED]”.
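The drive-root file pair described above can be checked for with a short script. This is an added example, not part of the original write-up: it parses the standard AutoRun launch keys (`open`, `shellexecute`, `shell\...\command`) and reports when `autorun.inf` starts a file that sits beside it. The contents of the worm's own `autorun.inf` are not given on this page, so the sample file in `demo()` is constructed.

```python
import tempfile
from pathlib import Path

# Standard AutoRun keys that make Windows start a program from a drive root.
LAUNCH_KEYS = ("open", "shellexecute")


def launch_targets(inf_text):
    """Return lower-cased file names that the [autorun] section would start."""
    targets, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            # Program is the quoted string, or else the first whitespace-delimited token.
            program = value[1:].split('"', 1)[0] if value.startswith('"') else (value.split() or [""])[0]
            if program:
                targets.append(program.replace("/", "\\").rsplit("\\", 1)[-1].lower())
    return targets


def check_drive_root(root):
    """Report the autorun.inf / autorun.exe pair the write-up describes, if present."""
    files = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    findings = []
    if "autorun.inf" in files:
        text = files["autorun.inf"].read_bytes().decode("latin-1")  # never raises
        for target in launch_targets(text):
            if target in files:
                findings.append(f"autorun.inf launches {target}, which exists in the drive root")
    if "autorun.exe" in files and not findings:
        findings.append("autorun.exe in the drive root without a matching autorun.inf entry")
    return findings


def demo():
    """Constructed sample: a temp directory standing in for a removable drive root."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "autorun.exe").write_bytes(b"MZ placeholder, not a real binary")
        Path(root, "autorun.inf").write_bytes(b"[AutoRun]\r\nopen=autorun.exe\r\n")
        return check_drive_root(root)


if __name__ == "__main__":
    print(demo())
```

Point `check_drive_root` at the root of each mapped or removable drive; an empty list means the pair was not found there.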

Like other malware, the W32.Slegon worm is usually installed without the user’s participation or consent. It uses deceptive means to get installed on the user’s computer. It is often bundled with legitimate programs and files, so that it is installed together with the legitimate program. A lack of security software is the usual reason the worm is able to penetrate the user’s computer. Unsafe Internet browsing habits and downloading files and programs from unsecured websites are also typical reasons why the program can penetrate the system.