W32.Xau


Aliases: Email-Worm.Win32.Xauboy , I-Worm.Xauboy , W32/Xau@MM , W32/Xuaboy-A , Win32/Xauboy.A@mm (RAV)
Variants: W32/Xauboy.A, Win32:Xauboy, I-Worm/Xauboy.A, Win32.Xauboy.A@mm, Worm Generic 

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 18 Jun 2003
Damage: Low

Characteristics: The W32/Xau@mm program is a mass mailing worm and because of the bug in its code, it will not properly spread. W32.Xau@mm is written in the Delphi language. It affects windows platform such as Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, and Windows XP.

More details about W32.Xau

Once the worm is executed on your system, it shows pornographic picture in the message box that entitled "XAXU.:. The worm is adds value to the registry key in order for the virus to be executed once the windows start. It as well gathers e-mail addresses on your windows address book and tries to send e-mail messages. However, due to the bug on the virus code, it fails to execute infection. When the original file name is "%SYSTEM%\ctfmonn.exe," it will copy itself as another file name and this is particularly the "%SYSTEM%\xuxa.exe."

This W32.Xau application makes the compromised computer vulnerable in acquiring threats. The backdoor created on the affected computer is used by other malware programs to enter the user’s machine without being detected. The W32.Xau program allows remote intruders to gain control of an affected computer through HTTP connections. It is also capable of downloading and executing illicit programs on a computer.