Banwarum details

  • Description

    Banwarum is a worm that spreads in the Internet by e-mail, and in local networks by exploiting computers running the Windows operating system with known vulnerabilities. Once executed, the parasite installs itself to the system and runs a spreading routine. Banwarum searches local drives for text and spreadsheet documents, web pages and various programming files. Then it uses own mail engine to send e-mail messages to all the addresses it gathers from found files. Letters are written in German. Each of them has Zip or RAR archive attached. That archive contains the parasite. Banwarum also scans local network for systems with unpatched Windows flaws and infects vulnerable computers. The worm’s payload is comprised of several harmful functions. Banwarum collects system information and transfers it to the attacker. It also opens a back door providing the intruder with remote unauthorized access to the compromised computer and allowing him to control the system and steal user sensitive information. The parasite injects malicious code into legitimate system processes in order to avoid detection. Banwarum runs on every Windows startup.