Aliases: Trojan.delf.rsd
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: N/A
Platform: W32
Discovered: 17 Aug 2007
Damage: Low

Characteristics: W32.Lashplay is a worm. It duplicates itself to all drives on an infected computer. The worm spreads through network shares. Since it is a backdoor worm, it allows hackers to access sensitive data on an infected computer. Once a computer is infected, it gives hackers full control over the system.

More details about W32.Lashplay

W32.Lashplay is a backdoor worm that spreads through network sharing applications. It allows attackers to access sensitive information and gives them full control over an infected computer. When the worm is executed, it copies itself to all drives using the filename [DRIVE LETTER]:\readme.txt.exe. On every drive that it finds, it creates files named flashplay.dll and autorun.inf. It then drops the file flashplay.dll in the Windows System folder. The presence of this file on a computer is an indication that the W32.Lashplay worm has infected the system. The flashplay.dll file injects itself into running processes, which makes its detection and removal difficult. It creates registry entries in order to install a Browser Helper Object (BHO). The installed BHO may display advertisements. It may also download updates from a website.
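A check for the file artifacts listed above, as an added example that is not part of the original entry: it looks in each drive root for readme.txt.exe, flashplay.dll and autorun.inf, and in the system folder for flashplay.dll. The function names and the sample directory layout are constructed for illustration, and the system folder path is supplied by the caller.

```python
import os
import string
import tempfile

# File names taken from the description above.
ROOT_ARTIFACTS = ("readme.txt.exe", "flashplay.dll", "autorun.inf")

def present(directory, wanted):
    """Names from `wanted` that exist in `directory`, matched case-insensitively."""
    try:
        entries = {name.lower(): name for name in os.listdir(directory)}
    except OSError:
        return []  # drive not ready, access denied, or path missing
    return [entries[w] for w in wanted if w in entries]

def scan(roots, system_dir):
    """Return (path, reason) findings for the drive roots and the system folder."""
    findings = []
    for root in roots:
        hits = present(root, ROOT_ARTIFACTS)
        for name in hits:
            findings.append((os.path.join(root, name), "artifact name in drive root"))
        # autorun.inf alone is common on legitimate media; paired with the
        # double-extension copy it is the stronger signal.
        if {"readme.txt.exe", "autorun.inf"} <= {n.lower() for n in hits}:
            findings.append((root, "worm copy together with autorun.inf"))
    for name in present(system_dir, ("flashplay.dll",)):
        findings.append((os.path.join(system_dir, name), "flashplay.dll in system folder"))
    return findings

def windows_roots():
    """Drive roots that exist on a Windows host (letters A-Z)."""
    return [f"{c}:\\" for c in string.ascii_uppercase if os.path.isdir(f"{c}:\\")]

def demo():
    """Constructed sample: two fake drive roots and a fake system folder."""
    with tempfile.TemporaryDirectory() as tmp:
        drive_e, drive_f, system = (os.path.join(tmp, d) for d in ("E", "F", "System32"))
        for d in (drive_e, drive_f, system):
            os.makedirs(d)
        for d, name in ((drive_e, "README.TXT.EXE"), (drive_e, "autorun.inf"),
                        (drive_f, "autorun.inf"), (system, "flashplay.dll")):
            open(os.path.join(d, name), "w").close()
        return [(os.path.relpath(p, tmp), r) for p, r in scan([drive_e, drive_f], system)]

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

On a live host, pass `windows_roots()` and that installation's system folder path to `scan`; a finding for autorun.inf alone is weak evidence and needs the other artifacts to be meaningful.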

W32.Lashplay may enter the system via spam e-mails. The programmers themselves may generate these to spread their malware applications. The messages will often appear to be from someone the user knows. An enticing subject line may also be used to get the user to open the e-mail. The W32.Lashplay application is typically enclosed in a RAR archive attached to the e-mail. The archive commonly contains other archives, files and folders. The installer for the software is placed inside one of the embedded archives. The other files and folders may be decoys. The attachment may be labeled as a presentation or joke so that the user will open it.