Aliases: N/A
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Dormant
Spreading: Slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: Easy
Platform: W32
Discovered: 04 May 2004
Damage: High

Characteristics: W32.Netad.Trojan is a Trojan horse capable of deleting all the files on the “C” drive. Once executed, it may erase critical contents or files on the hard drive. It is written in the Delphi programming language. All Windows platforms are vulnerable to it: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. Once this Trojan is opened, it will display these properties: “Company Name: Windows (c) Corp.”; “Internal Name: Windows Service Datenbank Management System”; “Language: German (Germany)”; “Legal Trademarks: Windows (c)”; “Filename: ws32.dbms.exe”; “Product Name: Windows Service Datenbank Management System”; and “Product Version:”

More details about W32.Netad.Trojan

It can also propagate through public FTP sites, peer-to-peer file-sharing networks, and/or attachments in spammed email. The infected file is released through these avenues; it could be named anything, and the name may depend on the distribution method. There is no static filename associated with this particular threat. Other characteristics may include automatically opening a minimized window named "Counter". If successful, it will delete all the files on the hard disk.
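Because the threat has no static filename, triage is better keyed on the version-resource properties listed under Characteristics. The following is an added example, not code from the original page: it scans a file's bytes for those key/value pairs stored as UTF-16LE version strings. The mapping of the page's labels onto the standard VERSIONINFO key names, the three-match threshold and the function names are assumptions, and the sample data is constructed.

```python
import re
import struct

# Properties as printed in the write-up. Mapping its labels onto the standard
# VERSIONINFO key names is an assumption of this example.
EXPECTED = {
    "CompanyName": "Windows (c) Corp.",
    "InternalName": "Windows Service Datenbank Management System",
    "LegalTrademarks": "Windows (c)",
    "OriginalFilename": "ws32.dbms.exe",
    "ProductName": "Windows Service Datenbank Management System",
}

def _w(text):
    """Encode as UTF-16LE, the encoding of version-resource strings."""
    return text.encode("utf-16-le")

def matched_properties(data):
    """Return the expected keys whose key/value pair occurs in data."""
    hits = []
    for key, value in EXPECTED.items():
        # Layout: szKey, NUL, optional 2-byte alignment padding, Value, NUL.
        pattern = (re.escape(_w(key)) + b"\x00\x00(?:\x00\x00)?"
                   + re.escape(_w(value)) + b"\x00\x00")
        if re.search(pattern, data):
            hits.append(key)
    return hits

def is_suspect(data, threshold=3):
    """Flag a file when enough properties match (threshold is an assumption)."""
    return len(matched_properties(data)) >= threshold

def string_entry(key, value):
    """Build one version-resource String structure (for constructed samples)."""
    key_bytes = _w(key) + b"\x00\x00"
    padding = b"\x00" * (-(6 + len(key_bytes)) % 4)
    body = key_bytes + padding + _w(value) + b"\x00\x00"
    return struct.pack("<HHH", 6 + len(body), len(value) + 1, 1) + body

# Constructed sample data, not bytes from a real file.
SAMPLE = b"MZ" + b"".join(string_entry(k, v) for k, v in EXPECTED.items())
BENIGN = b"MZ" + string_entry("CompanyName", "Example Corp") \
    + string_entry("LegalTrademarks", "Windows (c) Corp.")

if __name__ == "__main__":
    print(matched_properties(SAMPLE), is_suspect(SAMPLE), is_suspect(BENIGN))
```

Requiring the terminating NUL after each value keeps “Windows (c)” from matching inside “Windows (c) Corp.”, which is why the second constructed sample is not flagged.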

The primary function of the W32.Netad.Trojan program is to look for a security exploit in the compromised machine. These are errors in some programs that can permit remote access to a computer. Experts state that software vulnerabilities can be used to fix computer security issues. However, they can also be good and reliable access points for remote attackers. Reports indicate that this Trojan is capable of allowing malevolent influence from a remote hacker. The W32.Netad.Trojan program may be used by a remote hacker to control the infected computer.