Aliases: Trojan.Balick
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Active and Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 27 Nov 2002
Damage: Low

Characteristics: The W32.Balick.Trojan is a malware capable of obtaining pay per click credits for its creator. This Trojan uses the filename Csss.exe as its main executable file.

More details about W32.Balick.Trojan

The W32.Balick.Trojan program is used by Internet marketers because it is intended to generate pay per click credit and artificially produce Web traffic to specific websites. This malware may be capable of sending HTTP requests to generate clicks on pop-up ads and banner ads and to increase a website’s counter statistics. This Trojan runs completely silent in the compromised machine without the user’s knowledge. This malware may be acquired by visiting websites with infected Web pages or by downloading an infected attachment from a random email message. Once the W32.Balick.Trojan program is run in the host machine, it will display a ‘Setup’ message box. When a user clicks on the ‘I agree’ button, the malware will automatically copy itself in the C:\ windows\ system folder with the filename Csss.exe.

This virus has also been observed to add certain values to a certain registry key in the system. The value added by the Trojan will allow the Trojan to execute on Windows startup and contact websites to obtain ad-click credits. On the other hand, if a user does not click the ‘I agree’ button and instead clicks on the ‘I do no Agree’ button, the malware will exit. Manual removal of this virus together with its variants and associated programs must be carried out immediately.