W32.Dawin


Aliases: W32/Autorun.worm.aw, Win32/Kbvorm, W32/Autorun.worm.e
Variants: W32/Dawin-A, Win32.Adefe.A, Mal_Otorun5, W32/Dawin-B

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, North and South America, Europe and Australia
Removal: Easy
Platform: W32
Discovered: 22 Nov 2007
Damage: Low

Characteristics: W32.Dawin infects files and drives through network shares and removable drives attached to the computer. As it copies itself, it infects .exe files. Its length is 897,512 bytes. The damage level and in-the-wild threat level are low, and it has only a small number of infections.

More details about W32.Dawin

W32.Dawin allegedly propagates by copying itself to network connections or network shares and removable drives, infecting executable files and drives on the computer. This worm, written in Borland Delphi, is a newly discovered worm found on November 22, 2007. It spreads through removable devices such as floppy disks, CDs and USB drives. It also extends its reach across a local network or the Internet by copying itself to files in the network file system or any other file system it can locate. This worm can also add keys to the Windows registry. When it makes copies of itself, it creates text files (.exe) on any network resources. It finds executable files and then automatically injects its viral code into any target files found on the system. It creates a file, %SystemDrive%\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe, and a certain registry key value. Afterwards, when a drive is accessed, it creates another file: %DriveLetter%\autorun.inf.
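The two file artifacts named above can be checked for during triage. The following is an added example, not part of the original write-up and not vendor code: it matches the MSOCache path on any drive letter and lists the programs an autorun.inf would launch. The function names, the extension list and both sample inputs are constructed for illustration; open, shellexecute and shell\<verb>\command are standard Windows AutoRun keys, and the page does not state what the worm's own autorun.inf contains.

```python
import re
from pathlib import PureWindowsPath
# Indicator taken from the description above (drive letter omitted).
DROPPED_FILE = r"\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe"
EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}
SHELL_VERB = re.compile(r"shell\\[^\\]+\\command")

SAMPLE_AUTORUN = r"""; constructed sample, not recovered from the worm
[AutoRun]
open="sample dir\sample.exe" /q
shell\explore\command=sample.exe
icon=folder.ico
"""
SAMPLE_PATHS = [  # constructed file listing
    r"C:\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe",
    r"C:\Windows\notepad.exe",
]

def autorun_targets(text):
    """Return (key, command) pairs in [autorun] that launch a program."""
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("open", "shellexecute") or SHELL_VERB.fullmatch(key.lower()):
                hits.append((key.lower(), value))
    return hits

def triage(paths, autorun_text):
    """Flag the dropped-file path and executables launched by autorun.inf."""
    findings = []
    for p in paths:
        tail = p[2:] if p[1:2] == ":" else p  # any volume may be %SystemDrive%
        if tail.lower() == DROPPED_FILE.lower():
            findings.append(("dropped-file", p))
    for key, cmd in autorun_targets(autorun_text):
        m = re.match(r'"([^"]+)"|(\S+)', cmd)  # quoted or bare program name
        program = (m.group(1) or m.group(2)) if m else ""
        if PureWindowsPath(program).suffix.lower() in EXEC_EXT:
            findings.append(("autorun-" + key, cmd))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_AUTORUN))
```

An autorun.inf that launches an executable is not proof of this worm on its own; treat it as a lead to correlate with the MSOCache path.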

Worm programs, such as the W32.Dawin application, can create copies of themselves. Once they have entered a system, they create copies and infect other systems. The W32.Dawin application typically spreads via the Internet. Malware authors may place worms on shared network resources. A worm will then try to enter connected systems that have weak password protection. Most worm programs carry a database of common user names and passwords that they use to break into a computer. Worm applications can also be spread via drive-by downloads. Other malware programs may also be used to distribute them. They can also be sent to the user via instant messages or e-mails.