W32/Voterai.worm

Type: -
SubType: -
Discovery Date: 10/26/2007
Length:
Minimum DAT: 5151 (10/29/2007)
Updated DAT: 5406 (10/15/2008)
Minimum Engine: 5.1.00
Description Added: 10/26/2007
Description Modified: 10/30/2007 2:00 AM (PT)
Risk Assessment
Corporate User: N/A
Home User: N/A

Characteristics

W32/Voterai.worm is a particularly damaging worm related to the election campaign in Kenya. When started, the malware turns the user's machine into a complete zombie: it disables almost every security product that may be installed on the machine and modifies the system registry to block almost any operation the user may attempt, such as rebooting the machine from the Start menu, running Task Manager, opening Control Panel and more.

As soon as these operations have been performed, the malware copies itself into several folders across the computer, in particular:

 * %SYSTEM FOLDER%\config\systemprofile\Application Data\smss.exe
 * %WINDOWS FOLDER%\fonts\lsass.exe
 * %SYSTEM FOLDER%\wbem\xml\csrss.exe

In addition to this, the malware ensures that it starts again after a reboot by modifying registry keys to point to the files above.

With the machine turned into a zombie, the malware starts displaying messages favouring Mr. Kalonzo Musyoka in his political campaign.

In addition to this, the malware can spread using autorun techniques. Also note that the malware is designed to start even in Safe Mode.
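As an added host check that is not part of the McAfee write-up, the PowerShell below looks for the three dropped copies listed above and for autostart entries that reference them. The registry locations it inspects (the Run and Winlogon keys, and the DisableTaskMgr policy value) are assumptions, since the write-up does not name the keys the worm modifies.

```powershell
# Added detection check for W32/Voterai.worm indicators; not McAfee's code.
# The three drop paths come from the write-up; the registry locations below
# are assumptions (the write-up does not name the keys the worm modifies).
$sys32 = Join-Path $env:SystemRoot 'System32'
$dropPaths = @(
    (Join-Path $sys32 'config\systemprofile\Application Data\smss.exe'),
    (Join-Path $env:SystemRoot 'fonts\lsass.exe'),
    (Join-Path $sys32 'wbem\xml\csrss.exe')
)
$findings = New-Object System.Collections.Generic.List[string]

# 1. Dropped copies. Genuine smss.exe, lsass.exe and csrss.exe live only in
#    System32, so a file at any of these paths is a strong indicator.
foreach ($p in $dropPaths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("Dropped file: $p") }
}

# 2. Persistence: autostart values pointing at the dropped files
#    (assumed locations; extend with the other ASEPs your environment uses).
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip provider metadata
        $value = [string]$prop.Value
        foreach ($p in $dropPaths) {
            if ($value -like "*$p*") { $findings.Add("Autostart $key\$($prop.Name) -> $value") }
        }
    }
}

# 3. Symptom from the write-up: Task Manager disabled. DisableTaskMgr is the
#    standard policy value; that the worm sets this exact value is an assumption.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
if ((Test-Path $policy) -and ((Get-ItemProperty -Path $policy).DisableTaskMgr -eq 1)) {
    $findings.Add("Policy: $policy\DisableTaskMgr = 1")
}

if ($findings.Count -eq 0) { 'No W32/Voterai.worm indicators found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

Run it from an elevated prompt so the HKLM keys and the systemprofile folder are readable; a hit on any of the three file paths should be treated as an infection, not just a suspicious file.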

Symptoms

  • The infected machine is completely unusable
  • Inability to shut down the computer using the start menu
  • Propaganda messages popping up

Method of Infection

The malware needs to be started manually before it can begin its malicious activity. However, it combines social engineering with worm capabilities to trick the user into running it.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have that combination.

Additional Windows ME/XP removal considerations

Variants

N/A

Overview

W32/Voterai.worm is a destructive worm designed to run a dubious political campaign for the Kenyan elections.