Aliases: DenisBee worm, W32/Denisbee, W32/Denisbee.68608, Win32.Denisbee, Win32.HLLW.Denis, Worm.DenisBee, Worm/Win32.Denisbee
Variants: W32/Denis.worm.b

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Asia, North and South America, Europe and Australia
Removal: Easy
Platform: W32
Discovered: 03 Nov 2000
Damage: High

Characteristics: W32.Denisbee is a worm that copies itself to network shared folders that are non-password-protected. This worm spreads to any network connections shared.

More details about W32.Denisbee

Computers or networks infected with the W32.Denisbee program may use up system resources and consume more bandwidth. This program may also be used to install other malware, which can further exploit the infected system. A user may obtain the W32.Denisbee application manually by opening an infected e-mail attachment, clicking links on instant messages from users not in the address book, or sharing files over the internet. It can also propagate automatically by taking advantage of security leaks of different operating systems. It can attack unsecure network access points in applications or the operating system itself. The W32.Denisbee application can spread on its own. It can propagate automatically from computer to computer within networks.

This network-aware worm propagates itself to all non-password network connections and to the %SystemRoot%\System directory. It means that computers that share network connections without password is easily infected by this worm. It either deletes or executes files and possibly causes some damage to other systems. This worm, however, must be executed manually through double click. After copying itself to a network share, the worm execute automatically then configures itself to start by adding the value Netvx = %SystemRoot%\System\%WormName% to a certain registry key. Also, the worm adds the value DisablePwdCaching" = "1" to other Registry key locations.