Aliases: W32.Naplik
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 17 May 2007
Damage: Low

Characteristics: W32.Naplik attacks executable files. All versions of the Windows operating system are affected, namely Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003 and Windows 2000. As with many other viruses, it spreads by copying itself into the Windows system and directory folders under the names “svchost.exe” and “VirusBoot.dll.”

More details about W32.Naplik

W32.Naplik is also described as an appending virus: it copies its code to the end of the file it infects. It appends a “.kokus” at the end of every file. As such, the entry point of the infected file is also modified. Once executed, the virus adds a “.dll” routine named "VirusBoot.dll" into explorer.exe. This routine is the one in charge of the infection. When it is present, it automatically connects to the website http://www.aabbcc.us. It uses a remote website to send information collected from the machine. Reports also say that it has backdoor capabilities that steal private or confidential files or data from the compromised computer. This information may end up in the hands of the black market. Confidential email messages, usernames and passwords can also be sold on the Internet.
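
The appending behaviour described above can be checked from a file's PE headers. The following is an added example, not code from the original write-up: it flags a PE image whose section table carries the ".kokus" marker or whose entry point lies inside the last section. It assumes that ".kokus" appears as a PE section name; the `build_pe` helper and both sample images are constructed for the demonstration.

```python
import struct

MARKER = b".kokus"  # assumption: the marker shows up as a PE section name

def parse_pe(data):
    """Return (entry_point_rva, [(name, virtual_address, virtual_size), ...])."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", data, pe + 40)     # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        off = pe + 24 + opt_size + 40 * i                # 40-byte section headers
        vsize, vaddr = struct.unpack_from("<II", data, off + 8)
        sections.append((data[off:off + 8].rstrip(b"\0"), vaddr, vsize))
    return entry, sections

def check(data):
    """List the appending-infection indicators found in a PE image."""
    entry, sections = parse_pe(data)
    findings = []
    if any(name == MARKER for name, _, _ in sections):
        findings.append("marker-section")
    if len(sections) > 1:
        _, vaddr, vsize = sections[-1]
        # Heuristic only: packers also start execution in the last section.
        if vaddr <= entry < vaddr + max(vsize, 1):
            findings.append("entry-in-last-section")
    return findings

def build_pe(entry, sections):
    """Constructed, header-only PE32 image for the demo (not a real sample)."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sII24x", n, vs, va) for n, va, vs in sections)
    return b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt) + table

CLEAN = build_pe(0x1000, [(b".text", 0x1000, 0x800), (b".data", 0x2000, 0x200)])
INFECTED = build_pe(0x3000, [(b".text", 0x1000, 0x800), (b".data", 0x2000, 0x200),
                             (b".kokus", 0x3000, 0x400)])

if __name__ == "__main__":
    print("clean:   ", check(CLEAN))
    print("infected:", check(INFECTED))
```

The entry-point finding on its own is a triage signal rather than a verdict; combined with the marker it is a much stronger indication that the file should be quarantined and restored from a known-good copy.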

The W32.Naplik program allegedly allows the hacker (its author) to perform a number of actions on the computer. It has been observed that this utility reportedly enables a hacker to use the compromised machine at the same time as the legitimate user. The W32.Naplik program is usually installed under deceptive pretenses and by means that do not obtain the user’s full consent or knowledge. It exploits weaknesses in the installed security settings, circumventing the security programs installed.