Virus: W32/Undertaker
Date discovered: 30/01/2008
Type: File infector
In the wild: No
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Medium
Static file: No
File size: 12.288 Bytes
Engine version: 7.06.00.58

General

Method of propagation:
   • Infects files


Aliases:
   •  Symantec: W95.Undertaken.4883
   •  Mcafee: W32/Undertake
   •  Kaspersky: Virus.Win32.Tish.a
   •  Sophos: W32/Undertake-B


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Infects files

File infection

Infector type:

Appender - The virus main code is added at the end of the infected file.
– The following section is added to the infected file:
   • owow

Damaging - The files are improperly infected. Because of bugs in the virus, only some of the virus code is present in the infected sample and it won't replicate any further. Most of the time the infected files are broken.


Stealth:
No stealth techniques used. It modifies the OEP (Original Entry Point) of the infected file to point to the virus code.
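
The two header traits described above (an added section named owow and an entry point redirected to the virus code) can be checked statically. The following Python check is an added example, not part of the original description; it assumes the redirected entry point falls inside the owow section, and the sample images it builds are constructed headers, not real files.

```python
import struct

VIRUS_SECTION = b"owow"  # section name taken from the description above

def parse_pe(data):
    """Return (entry_point_rva, [(name, rva, size), ...]) from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 40)     # AddressOfEntryPoint
    table = pe + 24 + opt_size                           # first section header
    sections = []
    for i in range(nsect):
        name, vsize, rva, raw = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0"), rva, max(vsize, raw)))
    return entry, sections

def check_owow(data):
    """Report the two header traits the description gives for infected files."""
    entry, sections = parse_pe(data)
    hits = [(rva, size) for name, rva, size in sections if name == VIRUS_SECTION]
    return {
        "owow_section": bool(hits),
        # Assumption: the modified entry point lands inside the added section.
        "entry_in_owow": any(rva <= entry < rva + size for rva, size in hits),
    }

def build_sample(sections, entry):
    """Constructed header-only PE32 image (no code bytes), for demonstration."""
    opt = bytearray(224)
    struct.pack_into("<HxxIIII", opt, 0, 0x10B, 0, 0, 0, entry)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sIII20x", n, size, rva, size)
                     for n, rva, size in sections)
    return (b"MZ" + bytes(58) + struct.pack("<I", 64)
            + b"PE\0\0" + coff + bytes(opt) + table)

if __name__ == "__main__":
    base = [(b".text", 0x1000, 0x2000), (b".data", 0x3000, 0x1000)]
    print(check_owow(build_sample(base, 0x1200)))
    print(check_owow(build_sample(base + [(b"owow", 0x4000, 0x3000)], 0x4010)))
```

A section name alone is a weak indicator; treat a match as a reason to scan the file with a current engine, not as a verdict.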


Self Modification:

Encrypted - The virus code inside the infected file is encrypted.


Method:

This direct-action infector actively searches for files.


Infection length:

- 12.288 Bytes


The following files are infected:

By file type:
   • *.exe

Files in any of the following directories:
   • %current directory%

File details

Programming language:
The malware program was written in Assembler.

Description inserted by Daniel Constantin on Monday, February 15, 2010
Description updated by Andrei Ivanes on Monday, February 15, 2010
