Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 14 Jan 2008
Damage: Low

Characteristics: W32.Nekat.A is a worm that propagates through removable storage devices, while simultaneously lessening security settings and disabling antivirus and firewall on the compromised computer. It affects all windows platforms namely Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. In order to conceal its malicious actions, this worm generates registry entries which conceal or even disable many functions of the control panel, windows task Manager, registry editor and the command shell. Once executed, the worm also creates files in both local and removable drives named as test.com, Cmdlg, MsMsgr.exe, service, win32service, cftmon, winlogon, spoolsvs, SysTray.com, and scvhost.exe.

More details about W32.Nekat.A

File extension varies from .exe, .com, and .scr. This process of spreading through copying itself with the hidden and system attributes fills your computer with insignificant files. As it reproduces, it takes up space. The space becomes unusable while the memory space is lessened, which in turn, promotes computer or system to slow down and/or to crash. Because of these, your system may become inoperable.

Through the W32.Nekat.A program, the hacker may have an almost unlimited control power over the infected computer. The remote attacker can delete files, install programs, spy on the victims, or use the compromised machine for Web attacks. However, many reports also indicate that the W32.Nekat.A program may be intended for downloading unwanted and unsolicited files. The files created by this program can make this attainable without arising any suspicion from the victim. This worm may possibly start downloading once a network or Internet connection is already available. It will most likely connect to its creator’s computer and get copies of malware from there.