Aliases: W32.Olderdata, Virus.Win32.VB.cd, WORM_BRONTOK.IC, Mal/Behav-034, Mal/EncPk-BU
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 24 Aug 2006
Damage: Medium

Characteristics: W32.Olderdata is a worm that duplicates itself to removable drives on the infected computer. It affects all Windows Operating Systems such as Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. When the worm is opened, it will copy itself as taskmgr.exe, Kill Brontok.exe, Screen Task.scr, taskmgr.tme, TASKMGR.TXT, Autorun.inf and Boot.exe.

More details about W32.Olderdata

As it replicates, it takes up space. The space become unusable when the memory space is lessened. It also changes the boot sector and this could result to the inability of the computer to run. Registry keys are also altered so that the worm will run every time window starts. The worm may also copy itself to drives from “A” to “J” drive. After successfully copying itself, it may transmit a list of resources being shared on the compromised computer to the remote attacker by Yahoo! mail or Hotmail.

The W32.Olderdata program allegedly belongs to a large family of worms. It can open a access point in the compromised computer. This backdoor is another way to access the infected machine without undergoing the normal authenticity and security procedures. Due to this, the W32.Olderdata program is believed to carry out many malicious processes. The W32.Olderdata application can reportedly infect certain computers through disguising itself as a useful application. The target victim might have probably installed it manually without suspecting that it is a malicious application. There are reports claiming that the W32.Olderdata program can add and modify registry entries. With this, the worm is expected to run on startup.