Aliases: WORM_FUNNER.A, W32/Funner.worm, Win32.Funner.A, MSN-Worm.Funner, W32/Funner-A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 11 Oct 2004
Damage: Medium

Characteristics: This worm spreads through Microsoft's MSN Messenger. MSN Messenger is an instant messenger program. All platforms of windows are vulnerable to this worm, may it be Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP through which an MSN Messenger is installed. It uses MSN Messenger application to send and spread the worm to the compromised computer. This worm comes as link in MSN messenger, which is written again in Visual Basic program and would only work if you have activated or installed a Visual Basic application in Microsoft.

More details about W32.Funner

Reports say that it sends “c:\funny.exe” link or file to all the contacts of the compromised computer’s Microsoft MSN Messenger instant message program. It is also considered as IM-Worm. Another instance of a backdoor worm packed with ASPack. Once the virus is currently installed in your computer, the worm multiplies itself to the system directory as well as to several shared directory of P2P applications. The compromised computer’s windows system directory folder is equipped with infected files such as, “IEXPLORE.EXE,”rundll32.exe,”userinit32.exe” and “funny.exe” files. After copying it automatically executes the first three files and spreads. The three files make sure that the other two are running and will restart them if any are stopped. When it is running, the worm also monitors its processes by maintaining a log file, “bsfirst2.log” on the windows system directory folder. This worm also continuously contacts “www.78p.com” domain and download various components. As such, Funner worm is another malicious worm that has backdoor capabilities which steals private or confidential files or data from the compromised computer. It can also be destructive, having the ability to also download malware on a compromised computer.

It is possible that the main job of this W32.Funner program is to create a backdoor through which an intruder can extend his or her remote influence into the affected PC. According to some experts, this is a kind of loophole in the system where a remote attacker can reach out to the infected computer and do things as if it were his own machine. The W32.Funner program can slow down the affected PC and may even cause it to crash. It could also further compromise the machine because the intruder could shut down the security programs. It could also result into identity theft, invasion of privacy, and other crimes. This is because the hacker would be able to read all of the confidential files, including passwords to bank accounts.