|Place of Origin|
|Infection Length||22,016 bytes|
Bymer is a network worm from 2000. It drops a distributed computing client on computers it infects.
Bymer arrives as a file named Wininit.exe in the system folder. This file is 22016 bytes long. It adds this file to the local machine run and run services registry keys as well as a line in the Windows WIN.INI file to ensure it runs when the system starts. The worm checks random IP addresses for shared drives with a Windows folder. It sleeps for two seconds between checks.
It drops the Dnetc distributed computing client in the files dnetc.exe and dnetc.ini. This is actually a legitimate program, intended for various distributed computing projects, but one that can be used for malicious purposes.
Another variant is 22 kilobytes long and its file name is Msinit.exe. It does not drop Dnetc. A hybrid virus/worm was made with the dangerous Kriz virus.
The worm spread rapidly but had few negative effects as it had no dangerous payload. It peaked at number 9 on the virus/worm charts.
Neal Hindocha. Symantec.com, W32.HLLW.Bymer. 2007.02.13
Kaspersky Labs, F-Secure, Bymer. 2000.10-2001.01
John Leyden. The Register, Nimda worms its way to top of September virus chart. 2001.10.01
-. -, Nasty hybrid virus gift unwraps on Xmas day. 2000.12.21