Virus:W32/Ziza.A
Date discovered:21/07/2008
Type:File infector
In the wild:No
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Medium
Static file:No
File size:1.365 Bytes
IVDF version:7.00.05.151 - Tuesday, July 22, 2008

 General Method of propagation:
   • Infects files


Alias:
   •  Symantec: W32.Forever.Worm


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Infects files


Right after execution the following information is displayed:


The picture has been edited for display purpose.

 File infection Infector type:

Prepender - The virus code is added at the begining of the infected file.

Damaging - The files may be improperly infected. This results in infected files that are broken and crash.

Because of bugs in the virus it may happen that only some of the virus code be present in the infected sample and inhibit further replication.


Stealth:
 EPO (Entry Point Obscuring) - The infected file's EP (Entry Point) remains the same. The virus patches the program code to redirect execution to the viral code.


Method:

This direct-action infector actively searches for files.


Infection length:

From: 0 Bytes
To: 4.096 Bytes


The following files are infected:

By file type:
   • *.exe

Files in any of the following directories:
   • %current directory%

 File details Programming language:
 The malware program was written in Assembler.

Description inserted by Daniel Constantin on Friday, February 19, 2010
Description updated by Daniel Constantin on Friday, February 19, 2010

Back . . . .