Aliases: Win32.Cycle.A [Computer Associ, WORM_CYCLE.A [Trend], W32/Cycle.worm.a [McAfee]
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: dormant
Spreading: slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: hard
Platform: W32
Discovered: 10 May 2004
Damage: medium

Characteristics: The W32.Cycle application exploits the Microsoft Windows LSASS Buffer Overrun Vulnerability and affects only Windows 2000 and Windows XP.

More details about W32.Cycle

The W32.Cycle application is a downloader that exploits the Microsoft Windows LSASS Buffer Overrun Vulnerability. Once it is installed on the computer, it connects to the Internet without the user’s knowledge. It does this by breaking the system’s security, which enables a connection to a remote location. The program may download unsolicited files and applications such as adware, spyware, and dialer programs. These files may be used to take control of the system. The W32.Cycle application may disable a program or a system; in particular, it may disable anti-malware programs and the personal firewall. It may enable a remote user to access the user’s computer via the Hypertext Transfer Protocol (HTTP) and execute a shutdown or boot-up.

The W32.Cycle application installs without the permission of the user. It does present an End-User License Agreement (EULA). The program installs itself to the Master Boot Record (MBR) so that it will not be detected by the Task Manager. The program may then run in the background. It also creates new registry keys so that it is executed automatically every time the computer boots up.