W32.Spamuzle


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 01 Aug 2008
Damage: Medium

Characteristics: W32.Spamuzle is a Trojan that spreads by copying itself to fixed drives. It modifies system files, attempts to send spam email, downloads files, and may steal information from the compromised computer.

More details about W32.Spamuzle

W32.Spamuzle attempts to modify the following files: “%System%\user32.dll” and “%System%\dllcache\user32.dll”. It then creates registry entries. Next, it deletes the DNS cache entries for the following IP addresses: “63.226.12.96”, “216.231.41.2”, and “204.117.214.10”. It attempts to connect to the following URLs: “[http://]91.194.76.142/sch[REMOVED]” and “[http://]91.194.76.142/formu[REMOVED]”. The worm may then harvest email addresses to use as spam targets, download files, and check the registry for the presence of a particular installed program. It sends the collected information to a remote server and spreads by copying itself to fixed drives on the compromised computer.

Note: earlier virus definitions may detect this threat as Trojan.Spamuzle. When the worm runs, it copies itself to “%System%\nvrsul32.dll” and “%System%\pla.ax”. It also creates the following files: “%System%\[RANDOM LETTERS]”, “%System%\drivers\atmapi.sys”, “%System%\fre.xc”, “%System%\mdfg.odl”, and “%System%\sfmrr.r”.
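The file, registry and network details above are the indicators a responder would sweep a host and its proxy logs for. The following is an added example, not part of the original write-up and not vendor code: an offline triage routine that takes a map of file paths to SHA-256 hashes collected from a host, a known-good hash of user32.dll, and proxy log lines, and reports which W32.Spamuzle indicators are present. The function and class names, the sample host data, the log format and the placeholder "known-good" hash are all assumptions constructed for the example. Because the write-up truncates the two URL paths ("[REMOVED]"), network matching is on the host 91.194.76.142 only, and the "%System%\[RANDOM LETTERS]" file has no fixed name and is not matched.

```python
import re
from dataclasses import dataclass, field

# File indicators listed in the W32.Spamuzle write-up. "%System%" is the
# Windows system directory (normally C:\Windows\System32). The write-up's
# "%System%\[RANDOM LETTERS]" entry has no fixed name and is not matched.
DROPPED_FILES = [
    r"%System%\nvrsul32.dll",
    r"%System%\pla.ax",
    r"%System%\drivers\atmapi.sys",
    r"%System%\fre.xc",
    r"%System%\mdfg.odl",
    r"%System%\sfmrr.r",
]

# Files the worm modifies rather than creates. Both copies are changed, so
# comparing them to each other proves nothing; each is compared against a
# hash from a trusted source (install media, a known-clean host).
MODIFIED_FILES = [
    r"%System%\user32.dll",
    r"%System%\dllcache\user32.dll",
]

# Network indicators from the write-up. The URL paths are truncated in the
# source ("sch[REMOVED]", "formu[REMOVED]"), so matching is on the host only.
C2_HOST = "91.194.76.142"
FLUSHED_DNS_IPS = {"63.226.12.96", "216.231.41.2", "204.117.214.10"}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass
class Findings:
    dropped_present: list = field(default_factory=list)
    user32_mismatch: list = field(default_factory=list)
    c2_hits: list = field(default_factory=list)
    dns_ip_hits: list = field(default_factory=list)

    def is_suspicious(self) -> bool:
        # Traffic to the flushed DNS IPs alone is weak evidence (the flush is
        # a side effect of the worm), so those hits are reported but not scored.
        return bool(self.dropped_present or self.user32_mismatch or self.c2_hits)


def expand(path: str, system_dir: str) -> str:
    """Expand %System% and lower-case the path for case-insensitive comparison."""
    return path.replace("%System%", system_dir).lower()


def triage(file_hashes, known_good_user32, log_lines, system_dir=r"C:\Windows\System32"):
    """file_hashes: {absolute path: sha256 hex} collected from the host.
    known_good_user32: sha256 of a trusted user32.dll for this Windows build.
    log_lines: proxy/firewall log lines as strings."""
    host_files = {p.lower(): h.lower() for p, h in file_hashes.items()}
    f = Findings()

    for ioc in DROPPED_FILES:
        path = expand(ioc, system_dir)
        if path in host_files:
            f.dropped_present.append(path)

    for ioc in MODIFIED_FILES:
        path = expand(ioc, system_dir)
        if path in host_files and host_files[path] != known_good_user32.lower():
            f.user32_mismatch.append(path)

    for line in log_lines:
        ips = set(IPV4.findall(line))
        if C2_HOST in ips:
            f.c2_hits.append(line)
        if ips & FLUSHED_DNS_IPS:
            f.dns_ip_hits.append(line)
    return f


# Constructed sample host data (hashes are placeholders, not real digests).
# Both user32.dll copies carry the same tampered hash, which is exactly the
# case a pairwise comparison would miss.
SAMPLE_HASHES = {
    r"C:\Windows\System32\user32.dll": "ab" * 32,
    r"C:\Windows\System32\dllcache\user32.dll": "ab" * 32,
    r"C:\Windows\System32\nvrsul32.dll": "cd" * 32,
    r"C:\Windows\System32\kernel32.dll": "ef" * 32,
}
KNOWN_GOOD_USER32 = "01" * 32  # placeholder; take from a trusted reference
# Constructed proxy log lines in an assumed "date time client verb target status" layout.
SAMPLE_LOG = [
    "2008-08-01 10:02:11 10.0.0.5 CONNECT 91.194.76.142:80 200",
    "2008-08-01 10:02:12 10.0.0.5 GET http://www.example.com/ 200",
    "2008-08-01 10:02:13 10.0.0.5 CONNECT 204.117.214.10:25 200",
]

if __name__ == "__main__":
    result = triage(SAMPLE_HASHES, KNOWN_GOOD_USER32, SAMPLE_LOG)
    print("suspicious:", result.is_suspicious())
    print("dropped files present:", result.dropped_present)
    print("user32.dll hash mismatches:", result.user32_mismatch)
    print("C2 host in logs:", result.c2_hits)
    print("flushed-DNS IPs in logs (low confidence):", result.dns_ip_hits)
```

Removal is rated "Easy" above, but a restored user32.dll is the check that matters: since the worm modifies both the live copy and the dllcache copy, Windows File Protection cannot be trusted to restore a clean one, which is why the example compares against an external reference hash rather than comparing the two copies to each other.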