Fanbot is an extremely dangerous rapidly spreading Internet worm that propagates by e-mail, through file sharing networks and exploiting known Microsoft Windows vulnerabilities.
Once executed, the parasite displays a fake error message, runs its payload and initiates a spreading routine. The worm usually arrives in e-mail messages with archived attachments containing infected files. Fanbot letters have fake "From" address field and therefore look like being sent by the local administrator, webmaster, support or information service. The worm uses own mail engine to distribute such messages. It also creates infected files with various meaningful names and copies them into shared folders of most popular peer-to-peer applications and instant messengers.
The parasite's payload is comprised of several malicious functions. Fanbot runs an integrated backdoor that gives the attacker unauthorized remote access to a compromised computer. The intruder can manage the file system, run and terminate programs, execute local commands, download and upload arbitrary files, access specified web resources, control the worm, perform annoying actions, shutdown or restart a computer, attack defined hosts, etc. The parasite itself attempts to kill active processes related to installed antiviruses, firewalls and security-related software. It also blocks access to popular security-related web sites and disables certain Windows components.
Fanbot secretly runs as a service on every system startup.
Related files: remote.exe Remove Fanbot, removal instructions
Back to: PC Security, privacy news