W64.Bounds


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W64
Discovered: 09 Aug 2006
Damage: Low

Characteristics: Most computer users believe that the W64.Bounds program can be classified as a high risk threat. This is because it installs without any user interaction by exploiting security vulnerabilities.

More details about W64.Bounds

W64.Bounds is a type of virus that infects all Windows 64-bit executable files. This virus tends to attack all files in the current directory and subdirectories, regardless of the file extension, whenever an infected file is executed. The W64.Bounds virus is not designed to spread efficiently, thus it does not spread over the network on its own, and does not attempt to leave the infected computer using methods such as email. This is because the virus, W64.Bounds, was made out of concept to prove that viruses may gain low-level access to hardware and bypass kernel and user-level protection mechanisms. The W64.Bounds program uses a new algorithm in encrypting itself, making it not easy to detect. This exploits a Windows feature that is available only to AMD64 systems.

In majority of the instances of infections, security applications and protocols running in the system are illegally terminated by the malware. This is seen as an attempt to prevent any possible hurdle to the delivery of its payload. The downloaded additional malware may belong to various types of security risks that may range from adware, spyware, viruses, or Worms among others. It may also download component files that provide the malware with additional functionality.