W32.Alcaul.Kit


Aliases: Alcaul.Kit, W32.Alcaul.Worm, W32.Alco.gen
Variants: VBS.Alcaul.Gen

Classification: Malware
Category: Trojan Horse

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 04 Apr 2003
Damage: Low

Characteristics: W32.Alcaul.Kit is a 32-bit application for the Windows environment that is based on the Visual Basic Scripting language. It allows the creation of a worm script that can harvest email addresses and take over the functionality of Microsoft Outlook to spread its code through email messages.

More details about W32.Alcaul.Kit

A system infected by the W32.Alcaul.Kit program will contain multiple copies of the malware's support files. This is presumed to be done to complicate the removal of the threat. The support files are scattered across various directories, folders, and sub-folders of the infected hard drive. Early indications of infection by the W32.Alcaul.Kit program include the presence of the Worm.vbs, Attachement1.vbs, Attachment2.vbs, Vbsworm.vbs, Anytime.vbs, and Xiandong.vbs files, among others, in the root directory of the main hard drive. One or more of these files are used as attachments to the email message it sends via the Microsoft Outlook client. The address book of Microsoft Outlook is used to determine the recipients of the spiked email message. The structure of the message itself is believed to be random, as no specific pattern has been identified.
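The indicators above can be checked with a short script. The following is an added example, not part of the original entry: it matches the listed file names case-insensitively, reports those found directly in the scanned root, and groups identical copies found in other directories by SHA-256. It assumes detection by file name only, since the entry gives no hashes; the function names and the default path are illustrative.

```python
import hashlib
import os

# File names the entry lists as early indicators (spelling kept as on the page).
INDICATOR_NAMES = {
    "worm.vbs", "attachement1.vbs", "attachment2.vbs",
    "vbsworm.vbs", "anytime.vbs", "xiandong.vbs",
}

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def scan(root):
    """Walk `root` and return (root_hits, copies).

    root_hits: sorted indicator-named files found directly in `root`.
    copies: {sha256: [paths]} for indicator-named files anywhere under
            `root`, kept only where identical content exists in 2+ places.
    """
    root_hits, by_hash = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Windows file names are case-insensitive, so compare lowercased.
            if name.lower() not in INDICATOR_NAMES:
                continue
            path = os.path.join(dirpath, name)
            if dirpath == root:  # os.walk yields the top directory as passed
                root_hits.append(name)
            try:
                by_hash.setdefault(sha256_of(path), []).append(path)
            except OSError:
                continue  # locked or unreadable: name match is still recorded
    copies = {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}
    return sorted(root_hits), copies

if __name__ == "__main__":
    import sys
    hits, dupes = scan(sys.argv[1] if len(sys.argv) > 1 else "C:\\")
    print("root-level indicator files:", hits)
    for digest, paths in dupes.items():
        print(digest[:16], "copies:", len(paths), paths)
```

A name match alone is only a lead for triage; files with these names should be inspected before removal.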

Once the W32.Alcaul.Kit program has successfully infected a computer system, it locates and corrupts files with the HTML and JS extensions. It also makes use of the Script.ini file to take over certain function sets of mIRC and distribute more dangerous email messages. It is likewise believed to make use of a macro virus routine to infect and corrupt documents created in Microsoft Word. The ability of the W32.Alcaul.Kit program to gain access to Internet resources allows it to issue continuous Ping commands to specific websites, causing unnecessary allocation of system resources.