W32/Voterai.worm.f is a destructive worm designed to perform a dubious political campaign for Kenya elections.
It disables many system settings including the Registry and Task Manager.
W32/Voterai.worm.f is a particularly damaging worm related to elections campaign in Kenya. When started the malware will proceed in turning the user machine in to a complete zombie machine. In fact, it will disable almost every security software that may be installed on the machine, and modify the system registry to disable almost any operation that user may perform, like, for example, rebooting the machine using the start menu, executing the task manager, accessing the control panel and more.
As soon as these operations have been performed, the malware will create the following folders on the root of C: drive and also including any mapped drives:
The following files which are a copy of this worm are created in the folders listed above:
This worm also copies itself under different folders all around the computer, and especially under:
The following registry keys are created:
A file KIB.HTM is created on the root of all drives. This file runs and displays the following message if an attempt is made to run TaskManager, or open the Registry Editor (Regedit.exe).
Additionaly the following registry key is also created so that the browser Home Page is the same image as above.
In addition to this, the malware is able to spread using autorun techniques. Also note that the malware is designed to start even in safe boot mode.
The malware needs manual activation in order to start its malicious activities. However, it uses social engineering techniques combined with worm capabilities to trick the user into activating it.