Home / malware Worm:Win32/Burnwoo.A
First posted on 20 March 2014.
Source: MicrosoftAliases :
There are no other names known for Worm:Win32/Burnwoo.A.
Explanation :
Threat behavior
Installation
Worm:Win32/Burnwoo.A copies itself to c:\documents and settings\administrator\local settings\temp\wdr201b.exe.
Spreads via€¦
Removable drives
Worm:Win32/Burnwoo.A can create the following files on targeted drives when spreading:
:\...exe :\..exe :\subst.exe
It also creates an autorun.inf file in the root folder of the removable drive. The file has instructions to launch the malware automatically when the removable drive is connected to a PC with the Autorun feature turned on.
This is a common way for malware to spread. However, autorun.inf files on their own are not necessarily a sign of infection; they are also used by legitimate programs.
Payload
Contacts remote host
Worm:Win32/Burnwoo.A might contact a remote host at www.blm35.net using port 80. Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 36992d0e350396442d6f0f60b9c52666a833de8c.Symptoms
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\local settings\temp\wdr201b.exeLast update 20 March 2014
