Aliases: W32.Zindos.A, W32/Zindos.worm, W32.Zindos.A, Win32.Zindos.6784, W32/Zindos-A
Variants: Worm/Zindos.A, W32/Zindos.A, Win32:Zindos, Worm/Zindos.A, Win32.Worm.Zindos.A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 13 Feb 2007
Damage: Low

Characteristics: The W32.Zindos.A program is a worm that spreads through a backdoor opened on a TCP port. It does Denial of Service attacks on microsoft.com domain, making the resource unavailable to its intended users.

More details about W32.Zindos.A

W32.Zindos.A is a worm that is capable in making resources unavailable to users by doing Denial of Service attacks. When the program is executed, it probes random IP addresses on TCP port 1034, searching for Backdoor.Zincite.A – a backdoor Trojan horse that [email protected] drops. When an open port is found, the worm sends itself to the infected device, saves as an executable file, then executes. It is also able to attach itself to system registry keys so that the worm is executed every time the system starts. Once infected with the W32.Zindos.A worm, the system may become slow and unresponsive, due to a code bug that causes an infinite infection loop. Meaning, every time the application is run, system gets re-infected, to a point of a system crash.

The program is regarded as malware primarily because of the false scan results it provides the user. It also creates other undesirable consequences such as pop-up windows flooding the system, thus making computer usage difficult. The program also is responsible for severely slowing down the computer’s performance because of the marked reduction in computer memory. It also creates unwanted modifications in the user’s Web browser components.