W32.Danber


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreadings
Spreading: slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: easy
Platform: W32
Discovered: 22 May 2007
Damage: Low

Characteristics: W32.Danber is a worm that spreads by copying itself to network shares. It affects all Windows Operating Systems and creates .exe files such as danbtr270414.exe.

More details about W32.Danber

Upon its successful execution, the W32.Danber program automatically copies the danbtr270414.exe file to these drives: C:\, D:\, E:\, F:\, G:\, H:\, I:\, J:\, K:\ and M:\. Then, it also multiplies to other subfolders having this format, “[DRIVE LETTER]:\[SUBFOLDER]\[SUBFOLDER NAME].exe.” It adds an .exe file extension at the end of any file in that folder or subfolder. Registries are also created, so that the worm runs every time the Windows starts. TCP ports are also attacked and this worm can also spread on remote computer using TCP port 445.

This application may be difficult to detect and remove from the computer. It is capable of terminating the running processes that are related to security programs. It also disables the system itself. This results in sudden shutdowns and restarts of the user’s computer. This application enters a computer through security exploits and program errors. It may enter a computer when the user visits websites that are not secure. Some websites may be embedded with illicit codes that are related to this software.