W32.Topsec


Aliases: W32.Topsec.Worm
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Hard
Platform: W32
Discovered: 10 Oct 2002
Damage:

Characteristics: The W32.Topsec application is a worm that have bugs that doesnt allow the computer to operate as designed. It delivers an uncontaminated file to every email addresses that it locates in the inbox of the recent email program.

More details about W32.Topsec

Once the W32.Topsec was performed it looks for the C:WindowsSystem.ini file. If the worm searches for this files, it will send an email to all of the addresses found in the inbox of your recent email program. The email has a Subject of ‘TopSecret here for your PC’, a Message of ‘Start TopSecrets Energy ‘, and an attachment of ‘... This worm application allows a user from a remote location to act as the system’s administrator. The remote user can send some commands to the worm program through IRC (Internet Relay Chat) channels. The remote user is capable of downloading and executing files and programs, removing important files from the affected computer and starting or participating on web attacks against various servers.

The W32.Topsec program exploits the vulnerabilities of the web browser. The application injects its malicious scripts on the ActiveX component of the web browser. The ActiveX controls are embedded into web pages. It is a component object model (COM) developed by Microsoft to provide different functionalities on the web browser. The latest bug used by the application is the GetObject Jscript function. It allows an unauthorized user to launch arbitrary programs on the computer. Traces of the application are often found on popular web browsers such as Mozilla Firefox and Microsoft Internet Explorer. The application modifies the settings of the web browser. It replaces the start page of the web browser with a pornographic website. The search settings of the web browser are also changed by the program. It redirects the user’s web searches to an adult web portal.