Aliases: W32/Peng.worm [McAfee]
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 12 Jul 2002
Damage: Medium

Characteristics: W32.Peng was discovered on July 12, 2002. This is a Trojan horse that produces and executes many copies of itself. Since it creates a large number of copies, the Trojan horse causes the computer to stop responding. This Trojan is also known as W32/Peng.worm which mostly affects Windows 2000, 95, 98, Me, NT and XP.

More details about W32.Peng

Once W32.Peng is executed, it creates a large number of copies of itself in the root of the drive C and in the startup folder under the programs folder. The Trojan continues to produce copies of itself and while it is creating, the copies made are executing at the same time. This cycle of the Trojan continues until the computer runs out of resources and stops responding. The result of this can cause a lot of damage in the computer giving malfunction if the Trojan is not removed.

The W32.Peng program copies its information onto the hard drive. Then the startup key is created using the name W32.Peng and its corresponding value taskmang.exe. The taskmang.exe process is the core element to run the program. It stays memory resident and permits remote control. The W32.Peng program, when fully installed, will exploit the systems security tool allowing the invader to access the system on remote area. The exploit is a typescript that pinpoints particularly the programming setback in able to broadcast malicious files, which endangers the operating system.