Aliases: W32/Mexer-E, P2P-Worm.Win32.Mexer, Worm.P2P.Mexer, [email protected], W32/Splint!p2p
Variants: Win32/HLLW.Mexer, W32/Mexer-B, Worm/Mexer.B, Win32/Mexer.B, WORM_MEXER.A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 08 Aug 2003
Damage: Low

Characteristics: According to most antivirus developers, W32.Mexer.B.Worm belongs to a family of worms that prey on specific peer-to-peer file sharing networks by taking advantage of the functionality of the clients associated with these networks. The malware uses the interconnection of users to spread its code to other potentially vulnerable machines. The worm has also been observed connecting to predetermined websites to download and execute malicious files.

More details about W32.Mexer.B.Worm

When W32.Mexer.B.Worm is executed on a vulnerable computer system, it extracts a number of executable files into the operating system's directory. These files have been observed to misrepresent themselves as key generators or cracks for some operating system versions or computer video games, which are the kinds of files that users connected to peer-to-peer file sharing networks commonly search for. W32.Mexer.B.Worm attempts to take advantage of these queries by masking its malicious components as legitimate files created for the purpose of cracking software. The worm has also been determined to download the Backdoor.Slackbot.B malware from a website chosen by its author. Once the download succeeds, the backdoor is executed on the infected machine.
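The lure behaviour described above (executables with key generator or crack style names sitting in the operating system directory) can be checked for during triage. The following is an added example, not part of the original entry or any vendor tool; the keyword list, function names and sample files are assumptions constructed for illustration, since the entry lists no file names.

```python
import hashlib
import os
import re
import tempfile

# Assumed lure keywords: the entry names no files, only "key generators or cracks".
LURE = re.compile(r"(key[ _-]?gen|crack|serial)", re.IGNORECASE)

def is_pe(path):
    """True if the file starts with the DOS 'MZ' magic used by Windows executables."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # unreadable files are skipped, not treated as hits

def find_lure_executables(directory):
    """Return (name, sha256) for executables directly in `directory` with lure-style names."""
    hits = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        # Both conditions must hold: a lure-style name AND executable content.
        if not LURE.search(entry.name) or not is_pe(entry.path):
            continue
        with open(entry.path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        hits.append((entry.name, digest))
    return hits

def demo():
    """Run the check over a constructed directory (no real samples involved)."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "GameX_keygen.exe": b"MZ\x90\x00constructed",  # lure name + MZ: flagged
            "WinXP crack.exe": b"MZ\x90\x00constructed2",  # lure name + MZ: flagged
            "notepad.exe": b"MZ\x90\x00benign",            # executable, no lure name
            "crack_notes.txt": b"plain text",              # lure name, not executable
        }
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return find_lure_executables(d)

if __name__ == "__main__":
    for name, digest in demo():
        print(name, digest)
```

On a suspect Windows host the same function would be pointed at the directory named by the `SystemRoot` environment variable, and the returned hashes looked up against an antivirus vendor's database.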

Execution of the downloaded malware creates an executable file component in the root directory of the main hard drive. W32.Mexer.B.Worm modifies the contents of the Windows Registry by adding new key values so that it can hook the functionality of the peer-to-peer file sharing client. It also uses the Windows Registry to monitor and negatively impact the application's file transfer mechanism. The backdoor component gives the remote attacker wider control over the compromised computer system and unlimited access to its resources and contents.