W32.Dinoxi


Aliases: W32/Dinoxi, IM-Worm.Win32.Vizim.a
Variants: W32/Dinoxi.A, W32.Dinoxi.B

Classification: Malware
Category: Computer Worm

Status: Active
Spreading: Slow
Geographical info: Asia, North and South America, Europe, Australia and some parts of Africa
Removal: Easy
Platform: W32
Discovered: 10 Dec 2005
Damage: Medium

Characteristics: W32.Dinoxi is a worm that opens a backdoor on the infected computer. It propagates by sending links to every contact on the infected user's messenger contact list, specifically AOL Instant Messenger.

More details about W32.Dinoxi

The worm runs as a process named dioxin.exe, which gives the attacker access to the machine and lets them execute commands, including stealing information such as passwords and bank details. The worm spreads only through links sent to the contacts in the user's messenger list. Once executed, it creates the following files:
  \Documents and Settings\All users\Start Menu\Programs\Startup\Dioxin.exe
  %System%\System32\Dioxin.exe
  %System%\System32\WinDio778.exe
  A:\Dioxin.exe
The copy in the Startup folder gives it persistence across reboots. It then adds values to a registry subkey. Further registry values are added to disable real-mode DOS, change Windows Explorer settings, hide items and programs on the desktop and the Address Bar in Internet Explorer, and change the time format, display and mouse settings. The worm sends instant messages to the contacts in AOL IM. Once running, it also downloads a copy of itself, after which the attacker can issue commands through the backdoor.
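The dropped file names and the process name above are the host-based indicators a responder would look for. The following script is an added example, not part of the original description: it takes a snapshot of running process names and file paths (here constructed inline, as they would come from tasklist or dir output) and reports which of the listed indicators are present. The function name match_indicators and the value of %System% in the environment map are assumptions for the example; the page's path %System%\System32\... is used exactly as written, so the sample environment maps %System% to the Windows directory.

```python
"""Offline indicator check for W32.Dinoxi, built from the file and process
names given in the description.  Added example; the snapshot inputs and
the %System% value are constructed for illustration."""
import ntpath

# File paths the description says the worm drops.  %System% is left as a
# token and expanded against the environment map supplied by the caller.
DINOXI_FILE_INDICATORS = [
    r"\Documents and Settings\All users\Start Menu\Programs\Startup\Dioxin.exe",
    r"%System%\System32\Dioxin.exe",
    r"%System%\System32\WinDio778.exe",
    r"A:\Dioxin.exe",
]

# Process name the description associates with the backdoor component.
DINOXI_PROCESS_INDICATORS = ["dioxin.exe"]


def _normalise(path, env):
    """Expand %Name% tokens from env, then fold case and separators so that
    C:\WINDOWS\system32\dioxin.exe and c:/windows/System32/Dioxin.exe compare equal."""
    for name, value in env.items():
        path = path.replace("%" + name + "%", value)
    return ntpath.normcase(ntpath.normpath(path))


def _matches(indicator, candidate, env):
    """An indicator that names a drive (A:\...) must match drive and all;
    a drive-less indicator (\Documents and Settings\...) matches on any drive."""
    ind = _normalise(indicator, env)
    cand = _normalise(candidate, env)
    ind_drive, ind_tail = ntpath.splitdrive(ind)
    _cand_drive, cand_tail = ntpath.splitdrive(cand)
    if ind_drive:
        return ind == cand
    return ind_tail == cand_tail


def match_indicators(process_names, file_paths, env):
    """Return {'processes': [...], 'files': [...]} listing the known
    indicators found in the supplied process list and file list.
    env gives the concrete value of %System% on the machine being checked."""
    running = {p.lower() for p in process_names}
    hits = {"processes": [], "files": []}
    for proc in DINOXI_PROCESS_INDICATORS:
        if proc in running:
            hits["processes"].append(proc)
    for indicator in DINOXI_FILE_INDICATORS:
        if any(_matches(indicator, path, env) for path in file_paths):
            hits["files"].append(indicator)
    return hits


# Constructed snapshot of an infected host (not real telemetry).
SAMPLE_PROCESSES = ["explorer.exe", "Dioxin.exe", "svchost.exe"]
SAMPLE_FILES = [
    r"C:\WINDOWS\System32\Dioxin.exe",
    r"C:\WINDOWS\System32\WinDio778.exe",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dioxin.exe",
    r"C:\WINDOWS\System32\notepad.exe",
]
# Assumed value: the page appends \System32 to %System%, so map it to the
# Windows directory for this example.
SAMPLE_ENV = {"System": r"C:\WINDOWS"}

if __name__ == "__main__":
    result = match_indicators(SAMPLE_PROCESSES, SAMPLE_FILES, SAMPLE_ENV)
    print("process indicators:", result["processes"])
    print("file indicators:", *result["files"], sep="\n  ")
```

Matching is case-insensitive and separator-agnostic because Windows paths are, and the drive-less Startup path is compared without its drive letter so it still matches when the snapshot reports C:\ (or any other system drive). The A:\ indicator is not matched unless the floppy copy is actually reported present.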

W32.Dinoxi is installed manually, that is, it has to be run by the user. Trojan software of this kind is typically disguised as a harmless file; it may be labeled as a data file or a software patch, and users are tricked into granting it access to the system. They may receive it by e-mail or instant message, as a transferred or attached file or as a link embedded in the message, whose text leads the user to believe the file is useful or necessary. The Trojan can also be bundled with software downloaded from unreliable sources, such as hacked retail software found on peer-to-peer (P2P) file-sharing networks, freeware and shareware websites, or forums.