Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 24 Apr 2007
Damage: Low

Characteristics: W32.Validin html is a common detection for files infected by W32.Validin. When an infected file is opened, it causes the browser to run a script from remote websites.

More details about W32.Validin

When W32.Validin is executed, the worm infects files on the victim machine. When the user opens an infected file, the browser is made to run the [http://]htmlcss.3322.org/sub/ray[REMOVED] script from a remote Web site. ([REMOVED] marks where the file name has been removed.) The script then appends a hidden iframe to the file so that it can redirect the browser to a malicious site, which may exploit system vulnerabilities, for instance the Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability (BID 17462), to download malicious updates or threats for W32.Validin. Infected files with .php, .aspx, and .asp extensions may also be accessed through the back door on the compromised computer.

Experts believe that W32.Validin incorporates a backdoor-creation function. This method of access allows the malware to connect to a remote server and download other malicious programs, which are installed directly on the compromised system. There were reports that the program uses a stealth design that lets it stay active in the computer's memory while carrying out its basic functions, so that the user does not detect it. Removal may be easy, but a manual process must be carried out to make sure that all of its file traces are removed from the computer.
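To support the manual check for leftover traces, here is an added example (not part of the original description) of a triage scanner for the web files the worm is described as modifying; it flags hidden iframes and script tags loaded from a remote host. The hiding heuristics, the .htm/.html extensions and all function names are assumptions, and PLACEHOLDER stands in for the script name that the description elides.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlparse

WEB_EXTS = {".htm", ".html", ".php", ".asp", ".aspx"}  # .htm/.html added as an assumption
PAGE_HOST = "htmlcss.3322.org"  # script host named in the description above
SAMPLE = ('<p>ok</p><script src="http://htmlcss.3322.org/sub/PLACEHOLDER"></script>\n'
          '<iframe src="http://example.invalid/" width=0 height=0></iframe>')  # constructed input

def _host(src):
    try:
        return (urlparse(src).hostname or "").lower()
    except ValueError:  # malformed URL in an attribute must not stop the scan
        return ""

def _hidden(attrs):  # heuristic (assumption): zero-sized or CSS-hidden element
    style = (attrs.get("style") or "").replace(" ", "").lower()
    sizes = [(attrs.get(k) or "").strip().lower().rstrip("px%") for k in ("width", "height")]
    return "0" in sizes or "display:none" in style or "visibility:hidden" in style

class _Finder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attr_list):
        attrs, line = dict(attr_list), self.getpos()[0]
        src = (attrs.get("src") or "").strip()
        if tag == "iframe" and _hidden(attrs):
            self.findings.append((line, "hidden-iframe", src))
        elif tag == "script" and _host(src):  # relative (local) scripts have no host
            kind = "page-host-script" if _host(src) == PAGE_HOST else "remote-script"
            self.findings.append((line, kind, src))

def find_suspicious_markup(text):  # returns [(line, kind, src), ...]
    finder = _Finder()
    finder.feed(text)
    return finder.findings

def scan_tree(root):  # returns {path: findings} for web files with at least one hit
    hits = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if os.path.splitext(name)[1].lower() in WEB_EXTS:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = find_suspicious_markup(fh.read())
                if found:
                    hits[path] = found
    return hits
```

A `remote-script` hit also matches legitimate externally hosted scripts, so the output is a review list rather than a verdict. An iframe injected at run time by a script is not visible in the file itself, which is why remote script references are reported as well.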