Aliases: Nuker.Click.22 (AVP), Click Trojan (McAfee) / Flooder.Win32.Click.12 (Kaspersky Lab) is also known as: Flooder.ICMP.Click.12 (Kaspersky Lab), Nuke-Click (McAfee), Hacktool.Nuker (Symantec), Nuke.Click.21508 (Doctor Web), Troj/Nuke-Anark (Sophos), Nuker:Win32/Aclick (RAV), DDOS_CLICK.12 (Trend Micro), TR/Nuker.Click (H+BEDV), Win32:Trojan-gen. (ALWIL), Trojan.Nuker.Aclick (SOFTWIN), Trojan.Nuker.Click (ClamAV), Flooder Program (Panda), Win32/Flooder.ICMP.Click.12 (Eset)
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: active
Spreading: Low
Geographical info: Low
Removal: Easy
Platform: W32
Discovered: 11 Jul 2002
Damage: low

Characteristics: The W32.Click.DoS program is known as a fully customizable Denial of Service attack tool which affects a lot of computer based Operating Systems such as Windows 3.x, 95, 98, Me, NT, XP, 2000, Macintosh, Microsoft IIS, Linux and UNIX.

More details about W32.Click

The W32.Click.DoS program enters a computer through websites that are not secure. This program may also be unknowingly downloaded by the user from P2P (peer-to-peer) file sharing programs. The Trojan software does not go through the usual installation procedure. It launches on the computer without the user’s knowledge. The files added by the Trojan application may appear as legitimate processes. This is because the files added by the Trojan program take legitimate Windows process filenames, such as mmc.exe, notepad.exe, svchost.exe and mstsc.exe. The Trojan program auto-starts each time the system is opened. The files added by the application are not visible on the computer. This is because the Trojan application has rootkit functions that enable it to hide its files.

The W32.Click.DoS program creates a backdoor on the affected computer. This backdoor serves as a means for the remote user to communicate with the Trojan software. The backdoor is used to send some commands for the Trojan application to perform. These tasks may include deleting of files from the affected computer, uploading and downloading of data and removal of files from the user’s computer. The Trojan software can also be used to carry out DoS (Denial of Service) attacks against other systems. The kit used to create that Trojan program allows the remote user to set the parameters of the infection. It uses an advanced UI (User Interface). This includes the filenames for the executable files, the installation path and the mutex (mutual exclusion) name.