W32.Draggdor


Aliases: W32.Draggdor
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 01 Aug 2006
Damage: Low

Characteristics: W32.Draggdor is a low-threat worm that usually propagates by copying itself to the local folders and network drives of the compromised computer. Like many other worms, it also opens a backdoor on the compromised computer. As a result, private files or data may be stolen from the compromised computer. It can affect all versions of the Windows operating system.

More details about W32.Draggdor

Once executed, the W32.Draggdor worm automatically copies itself as services.exe and/or Random.exe in the Windows folder on local and network drives of the compromised computer. Because it has backdoor capabilities, the worm also automatically connects to this URL: http://s.dragon128.net/ie2007/ie/log(Removed). These are signs that the computer is already infected. If it is successful, it also terminates “ccApp.” ccApp is a security-related process in the Windows operating system. The worm is also known to perform the following actions when it is about to attack the system: it downloads and executes remote files, and it changes the Microsoft Internet Explorer homepage.

It is always good practice to enable your firewall to block all incoming connections from the Internet to services that should not be publicly available. Do not install or turn on computer services just because a prompt pops up on your screen. These are critical avenues that worms usually attack. Bluetooth and mobile connections should also be turned off rather than left open when you are not using them.
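The infection signs described above (a copy named services.exe or Random.exe placed directly in the Windows folder, a connection to s.dragon128.net, and ccApp being stopped) can be checked against endpoint telemetry. The following is an added example, not part of the original entry; the event field names (`host`, `type`, `path`, `url`, `image`) and the sample events are constructed assumptions, and `Random.exe` is treated as a literal file name as written above.

```python
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Indicators taken from the description above.
DROPPED_NAMES = {"services.exe", "random.exe"}
BACKDOOR_HOST = "s.dragon128.net"
STOPPED_PROCESS = "ccapp"

def check_event(event):
    """Return a finding string for one event dict, or None if nothing matches."""
    kind = event["type"]
    if kind == "file_create":
        path = PureWindowsPath(event["path"])
        # The worm's copy sits directly in the Windows folder; the genuine
        # services.exe lives one level down, in Windows\System32.
        if path.name.lower() in DROPPED_NAMES and path.parent.name.lower() == "windows":
            return f"dropped copy: {path}"
    elif kind == "http":
        host = (urlsplit(event["url"]).hostname or "").lower()
        if host == BACKDOOR_HOST:
            return f"backdoor URL contacted: {host}"
    elif kind == "process_end":
        if PureWindowsPath(event["image"]).stem.lower() == STOPPED_PROCESS:
            return f"security process stopped: {event['image']}"
    return None

def triage(events):
    """Group findings per host so several indicators on one machine stand out."""
    report = {}
    for ev in events:
        finding = check_event(ev)
        if finding:
            report.setdefault(ev["host"], []).append(finding)
    return report

# Constructed sample telemetry (hosts and paths are made up, not real logs).
SAMPLE_EVENTS = [
    {"host": "PC-01", "type": "file_create", "path": r"C:\Windows\services.exe"},
    {"host": "PC-01", "type": "http", "url": "http://s.dragon128.net/ie2007/ie/log"},
    {"host": "PC-01", "type": "process_end", "image": r"C:\Program Files\Vendor\ccApp.exe"},
    {"host": "PC-02", "type": "file_create", "path": r"C:\Windows\System32\services.exe"},
    {"host": "PC-02", "type": "http", "url": "http://example.com/"},
    {"host": "PC-03", "type": "file_create", "path": r"Z:\WINDOWS\Random.exe"},
]

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_EVENTS).items():
        print(host, len(findings), findings)
```

A host that shows more than one of these findings, such as PC-01 in the sample, is the strongest candidate for removal and follow-up.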

Like other malicious programs, W32.Draggdor should not be left on the computer. It may degrade computer performance, making the computer slower than usual. It may result in loss of data, file corruption, spousal spying, and identity theft. Users must disable and remove it from the computer immediately.