Aliases: W32.Dobrev, W32/Dabyrev-
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: dormant
Spreading: slow
Geographical info: Europe, North and South America, and some parts of Asia and Australia
Removal: easy
Platform: W32
Discovered: 13 Nov 2003
Damage: Low

Characteristics: Once opened, the W32.Dabyrev program searches for and infects files in the Kazaa download folder. It also changes the Internet Explorer homepage to that of a radio station in Eastern Europe.

More details about W32.Dabyrev

The W32.Dabyrev program is considered a peer-to-peer program. It uses Kazaa as its platform to spread and multiply. This threat is detected by the Microsoft antivirus engine. The virus has been updated and was discovered with minor variations. Machines that are protected by weak passwords can easily be infiltrated by this worm program. It may also take advantage of system vulnerabilities, such as the buffer overflow vulnerability. The program can also spread through shared networks. The presence of the W32.Dabyrev program on the user’s computer may cripple the system. The worm’s activities may cause the compromised computer to shut down and restart by itself, which results in system instability.

Additional unwanted files may be added to the system. These are reportedly installers for adware, spyware, and Trojan software. The files are executed and added to the registry. They will run in the background and use up computer resources. Pop-up and pop-under advertisements may be displayed whenever an Internet connection is created. Visited web pages, online searches, and clicked links may be recorded. These can be used to generate ads based on the user’s preferences. This application can receive instructions from a remote server. It can be made to manipulate the files in the system without the user’s consent.