Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 16 Oct 2003
Damage: Low

Characteristics: W32.Tofazzol is a Trojan horse that spreads through floppy disks. It stays memory-resident and tries to delete the .jpg, .wav, .mp3, .mpg, and .dat files it finds on the system.

More details about W32.Tofazzol

When W32.Tofazzol is executed, it copies itself to %Windir%\Rundl with an .exe extension. %Windir% is a variable: the Trojan locates the Windows installation folder, which is C:\Winnt or C:\Windows by default, and copies itself there. The Trojan periodically checks whether a floppy disk is present in the computer. If one is, it copies itself to the disk as Pamela_NUD12.jpg with an .exe extension. The Trojan also adds a value to a registry key so that it runs automatically each time Windows starts.
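A triage check for the file names described above, as an added example that is not part of the original write-up. It also flags, as a generalisation, any file whose name carries one of the targeted media extensions followed by .exe; the exact on-disk spelling (for example, padding spaces before .exe) and all sample file names are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path
from typing import Optional

# Indicators taken from the description; exact on-disk spelling is assumed.
DROPPED_STEM = "rundl"              # %Windir%\Rundl with an .exe extension
FLOPPY_DECOY = "pamela_nud12.jpg"   # decoy name that carries an .exe extension
# Generalisation: a targeted media extension followed by .exe (padding allowed).
DOUBLE_EXT = re.compile(r"\.(jpg|wav|mp3|mpg|dat)\s*\.exe$", re.IGNORECASE)

def classify(name: str) -> Optional[str]:
    """Return the reason a file name is suspicious, or None if it is not."""
    lower = name.lower()
    if not lower.endswith(".exe"):
        return None
    stem = lower[:-4].rstrip()      # drop ".exe" and any padding before it
    if stem == DROPPED_STEM:
        return "dropped-copy name"
    if stem == FLOPPY_DECOY:
        return "floppy decoy name"
    if DOUBLE_EXT.search(lower):
        return "media extension followed by .exe"
    return None

def scan(roots):
    """Walk each root and return sorted (path, reason) pairs for every hit."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                reason = classify(name)
                if reason:
                    hits.append((os.path.join(dirpath, name), reason))
    return sorted(hits)

def demo():
    """Scan a constructed tree of empty files (no real samples involved)."""
    with tempfile.TemporaryDirectory() as tmp:
        win, floppy = Path(tmp, "Windows"), Path(tmp, "floppy")
        names = {win: ["Rundl.exe", "rundll32.exe"],
                 floppy: ["Pamela_NUD12.jpg   .exe", "holiday.mp3.exe", "notes.jpg"]}
        for folder, files in names.items():
            folder.mkdir()
            for f in files:
                (folder / f).write_bytes(b"")
        return [(Path(p).name, why) for p, why in scan([win, floppy])]

if __name__ == "__main__":
    for name, why in demo():
        print(f"{name!r}: {why}")
```

On a real host, pass `scan()` the Windows installation folder and the root of the removable disk; a hit is a lead to examine, not proof of infection.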

The program is usually acquired through a drive-by download: its installation script is embedded in a web page. The source website often contains clickable objects such as pop-up windows, embedded links and web banners, and the installation script is activated once the user clicks one of these items. The application may also arrive as an e-mail attachment. In that case the installer file is attached to the e-mail and disguised as a useful program to convince the user to download and install it. The e-mail also includes a short message that informs the user of the functions of the attached file.