Aliases: IRC-Worm.Win32.Wun , IRC-Worm.Wun , W32/Wunom.worm , Win32.IRC.Generic.4 , mIRC/Wun-A 
Variants: Win32/HLLW.Wun, WORM_WUN.A , Worm/Wunom.1, W32/Wun.A, Win32:Wun 

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 05 Nov 2002
Damage: Low

Characteristics: The W32.Wuno.Irc program is an IRC worm which tries to send a copy of itself to other users of mIRC. It is written in Microsoft Visual Basic language. This worm affects Windows 2000, Windows 98, Windows 95, Windows NT, Windows Me, and Windows XP. Since this worm is dated before 8, 2002 may detect this threat as W32.Wun.Irc.

More details about W32.Wuno.Irc

Once W32.Wuno.Irc is executed, it copies itself as WinUninst32.exe and .exe on windows directory. It adds value in the registry key in order to execute the virus when Windows restart. The worm restores the location of the Program Files folder from the registry and searches mIRC.ini files. Once the file mIRC.ini exists, it creates the file Script.ini in similar folder as mIRC.ini. W32.Wuno.Irc attempts to utilize this script file to send a copy of itself to another mIRC utilizers. The messages that the worm sends to other mIRC users could be either “check it out,” “this is funny,” “have a look at this file,” “haha,” “really funny,” and “now this is something really fun.”

The W32.Wuno.Irc software opens an unused system port. It may scan the computer for a list of available ports. It may then choose one at random. The port is used to connect to a remote server. The connection is largely made through HTTP (HyperText Transfer Protocol). The information that passes through the backdoor is unmonitored by security software. The W32.Wuno.Irc application connects to a remote server. It may send a notification that an infection has been completed. This can involve sending system information. Data sent may include the operating system used, IP address, computer name, programs installed, and hardware data. The program will wait for instructions that it will execute without the user’s consent.