Aliases: Worm.Win32.Randin.c
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Dormant
Spreading: Fast
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 14 Oct 2004
Damage: Low

Characteristics: W32.Nits.A is known to be a network aware worm that automatically executes an HTTP proxy on the compromised computer. It attacks Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP Operating Systems. Like many other worm, it duplicates itself as “msdata.dat” on windows system folders. Majority if this worm’s function is to copy itself with the hidden and system files.

More details about W32.Nits.A

The space becomes unusable while the memory space is lessened. Which in turn, promotes computer or system slow down and or crashes and what’s worse, your system may become inoperable. It drops these files on the windows system directory folders. Then launches a command that creates random IP addresses which use, system32, and ipc$. The worm uses combinations of these strings as user names and passwords for authentication these are, 007, 121, 123, 1234, 12345,12346, 123467, 1234678, 12346789, 123467890, access, accounting, accounts, adm, admin, administrator, afro, asd, backup, Barbara, bill, blank, brian, bruce, capitol,changeme, cisco, compaq, control, ctx, data, database, databasepass and databasepassword.

The author of the W32.Nits.A program could make duplicates of all files in the compromised system, including confidential ones. He could also download more malware into the affected system. It is possible that the W32.Nits.A program could result into identity theft as a result of the exposure of the victim’s personal information. It could also lead to actual theft because a criminal could get the passwords to the user’s financial accounts. The invasion of the user’s privacy could even result into harassment and blackmail.