W32.Dexter


Aliases: W32/Dexter, W32/Dexter, F-PROT ANTIVIRUS, Win32.HLLM.Dexter.6Doctor, Dr.Web, WORM/Dexter
Variants: Win32.HLLW.Dexter.a, W32.Dexter.A, W32/Dexter-A Win32.Dexter.A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Asia, North and South America, Europe and Australia
Removal: Easy
Platform: W32, Linux
Discovered: 01 Feb 2002
Damage: Low

Characteristics: W32.Dexter is a worm that spreads though email and IRC. Many users experience a problem regarding this worm. This is common in attacking user’s emails and other system like the IRC. This is a self-replicating worm.

More details about W32.Dexter

Once the execution of the W32.Dexter program is performed, it copies itself to the following: \Windows\Setup.exe and \Windows\Sys#.exe. Afterwards, it adds a certain value in the Windows Registry key. One of the registries will allow the worm to propagate and run every time the Windows starts. Then, the worm checks the registry key if the WinZip is installed. Once it is installed, the worm adds another value to the registry key. Then the worm zips the C:\Windows\Sys#.exe file into C:\Windows\Os#.zip. If this is done successfully, the worm spreads throughout the email. It searches emails that contain .htm files. There, it sends itself to the email addresses it finds. Some of the subjects used in emails containing this worm are the following: AVP-Virus-Warning; freeware nice game; My cool, litle program; or Special FX screensaver.

Computers or networks infected with the W32.Dexter program may use up system resources and consume more bandwidth. This program may also be used to install other malware, which can further exploit the infected system. A user may obtain the W32.Dexter application manually by opening an infected e-mail attachment, clicking links on instant messages from users not in the address book, or sharing files over the internet. It can also propagate automatically by taking advantage of security leaks of different Operating Systems. It can attack unsecure network access points in applications or the operating system itself. The W32.Dexter application can spread on its own. It can propagate automatically from computer to computer within networks.