Home Malware Programs Worms W32.Shadesrat

W32.Shadesrat

Posted: February 24, 2011

W32.Shadesrat is a worm that creates major vulnerabilities in infected systems. Besides backdoor exploits that can allow DDoS attacks, W32.Shadesrat also records keystrokes, steals password information and may download files to a computer or corrupt already present files. Deleting W32.Shadesrat should be handled briskly due to the worm's wide range of potentially debilitating and aggressive behaviors.

A Worm with a Highly Hostile Plan

Infections of W32.Shadesrat have been confirmed to possess a whole spectrum of attack options, any of which may be inflicted on any particular computer. Many of these attacks leave obvious symptoms, but even those that don't leave behind visual cues may be highly dangerous, as noted below.

  • W32.Shadesrat creates security backdoors on any system W32.Shadesrat infects. These security vulnerabilities allow remote attackers to control your computer and may also be used to download or upload files.
  • W32.Shadesrat has been confirmed to be able to assist in DDoS attacks. These allow remote attackers to use infected computers as part of a botnet, flooding websites with traffic until they crash.
  • The W32.Shadesrat worm can download files to your computer. Files dropped will likely be malware, which may cause other forms of damage.
  • Your passwords and even the keystrokes of your keyboard aren't safe from W32.Shadesrat. W32.Shadesrat will cheerfully steal them and use the aforementioned backdoor to send this information out to anonymous third parties.
  • Important system and security-related files may be corrupted by W32.Shadesrat to prevent them from functioning properly.
  • W32.Shadesrat may infect other computers rapidly. As a worm, W32.Shadesrat may copy its own body into removable devices or use messages with attachments of itself to find new computers to infect.

How It Came to This

If you're eager to avoid catching the W32.Shadesrat infection, then there are certain precautions you can take to reduce chances of contact. W32.Shadesrat was confirmed as a threat as recently as February 2011 in many cases, so updating your anti-malware programs will help them identify W32.Shadesrat and react appropriately. If you're running Windows 95 up to Vista, you're vulnerable to infection, but so far W32.Shadesrat hasn't been reported to attack Windows 7.

W32.Shadesrat spreads through typical worm methods, by Instant Messenger links and infecting files on file-sharing networks. The W32.Shadesrat worm also has its own BitTorrent application, so if you use torrents, be especially wary of untrustworthy programs related to torrent downloads.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %PROGRAM_FILES%\W32.Shadesrat.
    2 c:\Documents and Settings\All Users\Start Menu\W32.Shadesrat\
    3 c:\Documents and Settings\All Users\W32.Shadesrat\

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\Software\W32.Shadesrat

Related Posts

Loading...