14 DAY TRIAL // Here's another Windows worm with high distribution potential and high damage potential. This means that it can easily reach your computer and harm the data stored on the system as fast as you would say WORM_SPYBOT.AP. Security vendor Trend Micro has informed that the worm is able to infect Windows 98, ME, NT, 2000, XP and Server 2003. What's interesting is that WORM_SPYBOT.AP attempts to infect your computer through network shares and tries to login into your computer using a list of usernames and passwords built by its creator.
"This worm attempts to log on to systems using a list of user names and passwords. It drops a copy of itself into accessible machines. It may arrive via network shares", Trend Micro explained.
Just like any other recent worm, WORM_SPYBOT.AP creates new registry entries to be executed every time the Windows operating system is fully loaded. In addition, it ends certain processes, probably to avoid detection. Shutting down the antivirus would be a great way to infect a computer, don't you think?
"It drops copies of itself. It creates registry entries to enable its automatic execution at every system startup. It terminates certain processes, if found running in memory", the security company detailed the infection process.
Since it has a high distribution potential, it's obvious the worm is able to make a lot of victims. And it did. According to the same report, no less than 1,593 computers, located in North America, have already been infected with the worm, while only 386 affected systems belong to Europeans. Asia got only 288 infected computers, whereas Africa seems to be the lucky continent with only 1 victim.
Because the worm tries to spread its files through network shares, you should really enable and apply the latest virus definitions for your antivirus. Extra-care is recommended when working with network shares.