Aliases: Virus.Win32.Jolla.a, W32/Zelly.a, Win32.Vallez.18772  
Variants: W32/Zelly-A, PE_ZELLY.A,  W32/Jolla.A, W32/Zelly.A, CRYPT.WIN32

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 10/22/204
Damage: Low

Characteristics: The W32/Zelly program is a parasitic file infector that affects Windows Operating System such as Windows 2000, Windows 98, Windows 95, Windows NT, Windows Server 2003, Windows Me, and Windows XP.

More details about W32.Zelly

When W32.Zelly runs, it displays a message box that contains a message “this file is infected with Win32.JollyRoger” then tries to infect files in your current directory. It will randomly select between two infection modes such as single-section/EPO and dual-section. In the dual section infection mode, the Zelly appends in to two sections to the host file and these are the decryptor of the virus and the encrypted virus body. Then it redirects the entry point of the host into the virus decryptor. In the single section/EPO, W32/Zelly merges all sections of the host file to one section.W32.Zelly attaches numerous polymorphic decryptors, a random amount of padding, and the encrypted virus body.

The system infected by the W32.Zelly program can also be made to participate in Denial of Service (DoS) attacks. These attacks involve sending large amounts of malformed and repeated data to remote machines. The receiving server will be unable to process the information. This will cause the computer to crash. Targets of these attacks often host websites or chatting servers. This software can also install other malicious files into the system. This can include adware, spyware, and Trojan programs.