Aliases: chainsaw.exe/ petrol chainsaw
Variants: N/A for W32.Chainsaw.Worm

Classification: Malware
Category: Trojan Horse

Status: active
Spreading: low
Geographical info: Low
Removal: medium
Platform: W32
Discovered: 14 Sep 2000
Damage: medium

Characteristics: The W32.Chainsaw program is considered a network worm. It spreads as Chainsaw.exe to shared drives.

More details about W32.Chainsaw.Worm

W32.Chainsaw spreads by generating random IP addresses and then testing whether the hosts at those addresses are infected with SubSeven or NetBus, or whether they use NetBIOS. After the test, the worm automatically uses a backdoor to install and run itself. It may also run a random counter that, once triggered, creates another Trojan program. That Trojan program overwrites the hard disk and sends this text: "THE FILM WHICH YOU ARE ABOUT TO SEE IS AN ACCOUNT OF THE TRAGEDY WHICH BEFELL A GROUP OF FIVE YOUTHS. IN PARTICULAR SALLY HARDESTY AND HER INVALID BROTHER FRANKLIN. IT IS ALL THE MORE TRAGIC IN THAT THEY WERE YOUNG. BUT, HAD THEY LIVED VERY, VERY LONG LIVES, THEY COULD NOT HAVE EXPECTED NOR WOULD THEY HAVE WISHED TO SEE AS MUCH OF THE MAD AND MACABRE AS THEY WERE TO SEE THAT DAY. FOR THEM AN IDYLLIC SUMMER AFTERNOON DRIVE BECAME A NIGHTMARE. THE EVENTS OF THAT DAY WERE TO LEAD TO THE DISCOVERY OF ONE OF THE MOST BIZARRE CRIMES IN THE ANNALS OF AMERICAN HISTORY, THE TEXAS CHAIN SAW MASSACRE..."
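The probing described above (one host testing many random addresses for SubSeven, NetBus or NetBIOS) stands out in firewall logs. The following detection sketch is an added example, not part of the original entry; the log format, the sample lines, the thresholds and the port numbers (commonly documented defaults for these services, not listed on this page) are assumptions.

```python
from collections import defaultdict

# Assumption: commonly documented default ports; the page lists no port numbers.
WATCHED_PORTS = {139: "NetBIOS", 12345: "NetBus", 27374: "SubSeven"}

# Constructed sample log, one event per line: epoch src dst dport action
SAMPLE_LOG = """\
968918400 10.0.0.5 198.51.100.7 27374 DENY
968918402 10.0.0.5 203.0.113.44 12345 DENY
968918405 10.0.0.5 192.0.2.19 139 DENY
968918409 10.0.0.5 198.51.100.200 27374 DENY
968918410 10.0.0.9 10.0.0.2 139 ALLOW
968918415 10.0.0.9 10.0.0.2 139 ALLOW
968918420 10.0.0.7 192.0.2.80 80 ALLOW
968918400 10.0.0.12 192.0.2.1 12345 DENY
968918600 10.0.0.12 192.0.2.2 12345 DENY
968918800 10.0.0.12 192.0.2.3 12345 DENY
968919000 10.0.0.12 192.0.2.4 12345 DENY
"""


def find_scanners(log_text, window=60, min_targets=4):
    """Return {src: [service names]} for sources that probe watched ports
    on at least min_targets distinct hosts within `window` seconds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _action = line.split()
        if int(dport) in WATCHED_PORTS:
            events[src].append((int(ts), dst, int(dport)))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            if len({dst for _, dst, _ in in_window}) >= min_targets:
                flagged[src] = sorted({WATCHED_PORTS[p] for _, _, p in in_window})
                break
    return flagged


if __name__ == "__main__":
    for src, services in find_scanners(SAMPLE_LOG).items():
        print(f"{src} probed {', '.join(services)} on many hosts")
```

A workstation that repeatedly talks to one file server on port 139 (10.0.0.9 in the sample) is not flagged, because the check counts distinct destinations rather than connections.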

The W32.Chainsaw program can also check the data files stored on the system, searching for important files. These can include passwords, log-in names, credit card numbers, financial information and other data. This data is sent to a remote server without the user’s consent. The information stolen from the computer is largely used for illicit activities. Log-in information can be used to access online accounts. The user’s instant message and e-mail accounts may be used to spread other malware programs. The user’s financial data can be used to make unauthorized purchases on the user’s credit card. Funds can also be transferred to another account without the user’s consent.