W32/Dadinu

Discussion in 'malware problems & news' started by Marianna, Jul 3, 2002.

Thread Status:
Not open for further replies.
  1. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    - Panda Software reports the appearance of Dadinu,
    a new e-mail worm that creates '.cpl' extension files -
    Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

    Madrid, July 3 2002 -- Panda Software has reported the appearance of Dadinu
    (W32/Dadinu), a new e-mail worm programmed in Delphi that sends itself out
    to all addresses in the Microsoft Messenger Address Book. Over the last few
    days, numerous incidents involving this virus have led to a stream of
    enquiries to the company's tech support services, largely from Spanish
    speakers, concerning this new virus.

    Dadinu creates a large number of '.cpl' files in the Windows directory and
    in the root directory on the hard disk of the infected computer, which are
    each 236,032 bytes in size and are actually copies of the worm itself. The
    fact that the worm uses a .cpl extension file is a new development in virus
    creation.

    The names of the files created by Dadinu are selected at random from a long
    list contained in the worm's code and include 'SpidermanDesktop.cpl',
    'Hacking.cpl', 'Zidane.Taliban.cpl' and others, many of which have obscene
    or pornographic connotations. These names are designed to lure unsuspecting
    users into opening these files, and therefore executing the worm.

    To ensure that it is run whenever the affected system is started, Dadinu
    generates entries in the Windows registry in the path
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

    Panda Software is warning users, especially Spanish speakers, to treat
    e-mails received with caution in order to prevent further incidents with
    this virus. More information on this and other viruses is available in the
    company's Virus Encyclopedia (at http://www.pandasoftware.com/library/).

    In order to know if your computer has been infected, users should update
    their antivirus and carry out a complete scan of their computer. They can
    also use Panda ActiveScan, the free, online antivirus available at
    http://www.pandasoftware.com
     
Thread Status:
Not open for further replies.