Virus: W32/DunDun.A
Date discovered: 25/07/2007
Type: File infector
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Medium
Static file: No
File size: ~12.288 Bytes
Engine version: 7.04.00.50

General

Method of propagation:
   • Infects files


Aliases:
   •  Symantec: W32.Novydeng
   •  Mcafee: W32/DunDun.a
   •  Kaspersky: Virus.Win32.DunDun.5025
   •  Sophos: W32/Dundun-A
   •  Eset: Win32/DunDun.A
   •  Bitdefender: Win32.DunDun.A

Similar detection:
   •  W32/DunDun


Platforms / OS:
   • Windows NT
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Infects files

Special detection

Version history:
The following engine updates were released in order to enhance detection:

   •  7.04.00.50   ( 25/07/2007 )
   •  7.09.01.98   ( 04/12/2009 )

File infection

Infector type:

Appender - The virus main code is added at the end of the infected file.
– The following sections are added to the infected file:
   • DENG DUN
   • %blank%

Damaging - The files may be improperly infected. This results in infected files that are broken and crash.


Stealth:
No stealth techniques used. It modifies the OEP (Original Entry Point) of the infected file to point to the virus code.
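
The two static traits described above (an added section named DENG DUN, and an entry point redirected into the appended code) can be read from the PE headers alone. The Python below is an added triage example, not part of the original description and not any vendor's detection logic; the function names and both sample headers are constructed, and it assumes %blank% means a section whose name field is all zero bytes.

```python
import struct

MARKER = b"DENG DUN"   # section name listed in the description above
BLANK = bytes(8)       # assumption: "%blank%" is an all-zero name field

def pe_sections(data):
    """Return (entry_point_rva, [(name, vaddr, vsize), ...]) from PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (nsects,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    (entry,) = struct.unpack_from("<I", data, pe_off + 24 + 16)
    table = pe_off + 24 + opt_size                          # first section header
    sections = []
    for i in range(nsects):
        name, vsize, vaddr = struct.unpack_from("<8sII", data, table + 40 * i)
        sections.append((name, vaddr, vsize))
    return entry, sections

def triage(data):
    """Report which of the described infection traits the headers show."""
    entry, sections = pe_sections(data)
    findings = []
    if any(name == MARKER for name, _, _ in sections):
        findings.append("marker-section")
    for name, vaddr, vsize in sections:
        # Entry point inside one of the sections the description lists as added
        if vaddr <= entry < vaddr + vsize and name in (MARKER, BLANK):
            findings.append("entry-in-added-section")
    return findings

def build_pe(entry, sections):
    """Build constructed PE32 headers (no code or data) for the checks above."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, entry)                  # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)
    table = b"".join(struct.pack("<8sII", n, vs, va) + bytes(24)
                     for n, va, vs in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

# Constructed samples: section layouts and addresses are illustrative only.
CLEAN = build_pe(0x1000, [(b".text", 0x1000, 0x2000), (b".data", 0x3000, 0x1000)])
INFECTED = build_pe(0x4010, [(b".text", 0x1000, 0x2000), (b".data", 0x3000, 0x1000),
                             (MARKER, 0x4000, 0x2000), (BLANK, 0x6000, 0x1000)])
```

An entry point in a blank-named section is only a heuristic, since some packers produce the same layout; the marker section name is the more specific indicator.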


Self Modification:

Encrypted - The virus code inside the infected file is encrypted.


Method:

This memory-resident infector remains active in memory.


Infection length:

Approximately 5.100 Bytes


The following files are infected:

By file type:
   • *.exe
   • %all processes started after malware is active in memory%

 Injection – It injects itself into a process.

    Process name:
   • explorer.exe


Rootkit Technology

Hooks the following API function:
   • CreateFile

Description inserted by Daniel Constantin on Tuesday, March 16, 2010
Description updated by Andrei Ivanes on Tuesday, March 16, 2010
