W32/Dadinu

- Panda Software reports the appearance of Dadinu,
a new e-mail worm that creates '.cpl' extension files -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, July 3 2002 -- Panda Software has reported the appearance of Dadinu
(W32/Dadinu), a new e-mail worm programmed in Delphi that sends itself out
to all addresses in the Microsoft Messenger Address Book. Over the last few
days, numerous incidents involving this virus have led to a stream of
enquiries to the company's tech support services, largely from Spanish
speakers, concerning this new virus.

Dadinu creates a large number of '.cpl' files in the Windows directory and
in the root directory on the hard disk of the infected computer, which are
each 236,032 bytes in size and are actually copies of the worm itself. The
fact that the worm uses a .cpl extension file is a new development in virus
creation.

The names of the files created by Dadinu are selected at random from a long
list contained in the worm's code and include 'SpidermanDesktop.cpl',
'Hacking.cpl', 'Zidane.Taliban.cpl' and others, many of which have obscene
or pornographic connotations. These names are designed to lure unsuspecting
users into opening these files, and therefore executing the worm.

To ensure that it is run whenever the affected system is started, Dadinu
generates entries in the Windows registry in the path
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

Panda Software is warning users, especially Spanish speakers, to treat
e-mails received with caution in order to prevent further incidents with
this virus. More information on this and other viruses is available in the
company's Virus Encyclopedia (at http://www.pandasoftware.com/library/).

In order to know if your computer has been infected, users should update
their antivirus and carry out a complete scan of their computer. They can
also use Panda ActiveScan, the free, online antivirus available at
http://www.pandasoftware.com