TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
PE_MABEZAT.A-O
Overview
Solution

Malware type: File infector

Aliases: W32/UA07 (McAfee), W32.Mabezat.A (Symantec), Worm/Mabezat.A.4 (Avira), W32/Mabezat-A (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Infection Channel 1 : Propagates via network shares

Infection Channel 2 : Propagates via removable drives

Infection Channel 3 : Copies itself in all available physical drives

Infection Channel 4 : Copies itself in optical discs

Description: 

This file infector may be dropped by other malware or downloaded unknowingly by a user when visiting malicious Web sites.

It searches for target files in specific folders and excrypts them. It then infects by prepending its code to the target host files.

It creates an AUTORUN.INF file in a specific folder on the affected system. As a result, CDs burned from the affected system are infected as well and will automatically infect other systems when the CD is inserted.

For additional information about this threat, see:
Solution
Technical Details

Description created: Nov. 21, 2007 6:09:50 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.