It reaches the computer passing itself off as some news related to the fake death of Fidel Castro. It downloads several variants of Trojans belonging to the Banker family to the affected computer and distribute them through the shared directories belonging to several programs such as mIRC, eDonkey or KaZaA.

Windows 2003/XP/2000/NT/ME/98/95

FakeDeath.A is a worm that downloads several variants of Trojans belonging to the Banker family to the affected computer. Then, these files are distributed through the shared directories belonging to several programs such as mIRC, eDonkey or KaZaA.

The variants belonging to the Banker family are designed to obtain confidential information, such as passwords, from the affected computer.

Additionally, it carries out several modifications in the Windows Registry, which prevent the user from carrying out the following actions, among others:

• Viewing the processes that are being run through the Task Manager.
• Turning off the computer and logging off, as it disables both options of the Start menu.

FakeDeath.A spreads via shared and mapped drives, making copies of itself in them.

FakeDeath.A is easy to recognize once it has affected the computer, as it reaches the computer in a file with the icon of a picture:

If this file is run, the user will be redirected to a website displaying some news published in 1997 related to the fake death of Fidel Castro: