Aliases: W32.HLLW.Darby, Worm.P2P.Darby.o, WORM_DARBY.O, W32/Darby.gen,W32.HLLW.Darby, Worm.P2P.Darby.o [Kaspersky], WORM_DARBY.O [Trend Micro], W32/Darby.gen [McAfee]
Variants: W32.HLLW.Darby

Classification: Malware
Category: Computer Worm

Status: dormant
Spreading: high
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: hard
Platform: W32
Discovered: 18 Oct 2004
Damage: medium

Characteristics: The W32.Darby.B program uses file-sharing networks, email, network file sharing, and Internet Relay Chat (IRC) to propagate. It also uses email with variable characteristics, through peer-to-peer (P2P) file sharing programs, via IRC and across networks.

More details about W32.Darby.B

The W32.Darby.B program may enter a computer through security errors that are present on a computer. It may be downloaded by other Trojan applications on a computer. It is also found on unsecure websites that are embedded with illicit codes. This Trojan application starts up each time the computer is opened or rebooted by the user. This Trojan application creates a backdoor on the compromised computer. A remote user is capable of taking control of the affected system by sending commands through HTTP (Hypertext Transfer Protocol). Some of these commands include deleting of files from the affected computer, uploading and downloading of data and participating on web attacks.

All the activities that the remote user performs on the machine are done stealthily. The activities performed may slow down the computer’s performance. This may eventually lead to system crash. Reports indicate that the W32.Darby.B application also drops some illicit components on the system. This Trojan application makes the compromised computer vulnerable in acquiring threats. The backdoor created on the affected computer is used by other malware programs to enter the user’s machine without being detected.