W32.Sadon.dr


Aliases: PE_SADON.867-O, W32/NGVCK.2
Variants: W95/Sadon, Win32.Mudant.887, W32/Muttant.867

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 09 Jul 2003
Damage: Low

Characteristics: W32/Sadon.dr is a virus that acts as a dropper for W32.Sadon.867. It affects all the executable files in the current folder. W32.Sadon.867 is a malware that was designed with a goal to steal personal information from your computer. This application was written for a Windows platform. This program attempts to spread its copies via local network and send W32.Sadon.867 in the address book of the system. Virus definitions dated July 10, 2003 or earlier may detect this threat as W32.MutantQSix.dr.

More details about W32.Sadon.dr

W32/Sadon.dr is an executable file infector that spreads by appending an encrypted version of itself to the end of all the other executable files, which are in the same folder as the virus. When a file that is infected with W32/Sadon.dr is executed, it decrypts the virus, runs it, and adds its encrypted infection routine to all the .exe files, which are in the same folder. Then, it passes control of the .exe file back to the infected host, so that you will not notice any difference in behavior.

According to some reports, the W32/Sadon.dr program could infect the computer when the user is surfing malicious websites. The dominant characteristics of this malware include: the capability to install without user consent; the ability to permit remote influence; distribution of threats; disabling of programs; and exploitation of a security flaw. It is possible that when this malware is executed, it would register a DLL file as Browser Helper Objects (BHO) for Internet Explorer and attempts to download more malicious programs, which might include this program. Using the program’s backdoor ability, hackers are able to get information from the infected systems without consent.