Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- September 17, 2002
- Updated:
- February 13, 2007 11:57:39 AM
- Also Known As:
- PE_DUKSTEN.A [Trend], W32/Duksten [Panda], W32/Prestige-B [Sophos], I-Worm.Duksten [KAV], W32/Duksten.a@MM [McAfee], W32/Duksten-A [Sophos], Win32.Duksten [CA]
- Type:
- Worm, Virus
- Systems Affected:
- Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.Duksten@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all contacts in the Windows Address Book. The email message has the following characteristics:
From:"ISP_Tecnico"<skudo@iris.es>
Subject: NetsKudo,proteccion IP para Windows9x/Me/Nt/2000/XP
Attachment: Skudo.zip
W32.Duksten@mm is also a file infector that randomly infects random Portable Executable (PE) files.
What are Portable Executable (PE) files?
PE files are files that are portable across all Microsoft 32-bit operating systems. The same PE-format executable can be executed on any version of Windows 95, 98, Me, NT, 2000, and XP. All PE files are executable, but not all executable files are portable.
A common example of a Portable Executable file is a screen saver (.scr) file.
Antivirus Protection Dates
- Initial Rapid Release version September 17, 2002
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version September 17, 2002
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date September 18, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Moderate
Damage
- Damage Level: Medium
Distribution
- Distribution Level: High
Writeup By: Yana Liu
