W32.Timese.AG


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 25 Mar 2004
Damage: Low

Characteristics: The W32.Timese application shows the time and date on the windows active title bar. It places itself at startup to run and tries to replicate itself to the floppy disk drives.

More details about W32.Timese.AG

Once the W32.Timese was executed it replicates itself as :\Timer, %Root%\Timer, and %Windir%\Timer all having a .exe extension. The %Root% refers from the drive, typically in Drive C, as the root. The %Windir% also a variable where the Trojan locates the folder of the Windows installation and then replicates itself. The Trojan also adds value to the keys of the registry.This worm application allows a user from a remote location to act as the system’s administrator. The remote user can send some commands to the worm program through IRC (Internet Relay Chat) channels. The remote user is capable of downloading and executing files and programs, removing important files from the affected computer and starting or participating on web attacks against various servers. The worm program can also get information regarding the affected computer. This includes the RAM (Random Access Memory), the user’s IP (Internet Protocol) address, the operating system and the programs that are installed on the user’s computer. The user’s PII (Personally Identifiable Information) can also be transmitted to the remote user.

There are many ways the W32.Timese program may infect a system. It may be via exploitation of security flaws. This involves taking advantage of programming errors and security loopholes of installed software in the user’s computer. It may also infect the system through spam e-mails. These mails usually contain misleading subjects to trick the user into downloading the attachments. The attachment may be a self-extracting RAR file. It automatically installs the W32.Timese application upon completion of download.