Worm.VBS.Dinihou


By GoldSparrow in Worms

The Dinihou malware falls into the category of worms, which are threats to computer networks that can replicate themselves. Cyber crooks use the Dinihou malware to collect information about the software and hardware configuration of infected computers and send it to their servers for analysis. The Dinihou malware is distributed via corrupted USB drives and ZIP files that infect the user's PC when the user attempts to unzip them. The Worm.VBS.Dinihou malware is capable of compromising 32-bit and 64-bit Windows systems and can download and run threatening code if instructed to. The Dinihou worm is known to utilize the Windows tool wscript.exe to facilitate some of its operations, and it may edit the Windows Registry so that it runs at system startup. The Dinihou malware may use a corrupted Microsoft Excel document to host its code and execute its operations. Malware researchers reveal that the payload of the Dinihou worm may be found in the hidden AppData folder.
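
A defender-side triage of startup entries for the persistence pattern described above (a script run through wscript.exe from AppData at system startup), added here as an example and not taken from the original write-up. The Run key path, the cscript.exe match, the extension list and every sample entry are assumptions or constructed data.

```python
import re

# Script hosts: wscript.exe is named on the page; cscript.exe is an added assumption.
SCRIPT_HOST = re.compile(r'\b(?:wscript|cscript)(?:\.exe)?\b', re.I)
# A quoted or bare path ending in a Windows Script Host extension (assumed list).
SCRIPT_PATH = re.compile(
    r'"([^"]+\.(?:vbs|vbe|js|jse|wsf))"|(\S+\.(?:vbs|vbe|js|jse|wsf))\b', re.I)
# User-writable locations; the page reports the payload under AppData.
USER_WRITABLE = re.compile(r'\\appdata\\|%(?:local)?appdata%|%temp%', re.I)

def triage_autoruns(entries):
    """Return (value_name, severity, reasons) for startup entries worth a look."""
    findings = []
    for _key, name, command in entries:
        reasons = []
        if SCRIPT_HOST.search(command):
            reasons.append("launches a script host")
        match = SCRIPT_PATH.search(command)
        script = (match.group(1) or match.group(2)) if match else None
        if script:
            reasons.append("target is a script file")
        if not reasons:
            continue  # ordinary executable autorun, nothing script-related
        in_user_dir = bool(USER_WRITABLE.search(script or command))
        if in_user_dir:
            reasons.append("path is under a user-writable folder")
        findings.append((name, "high" if in_user_dir else "review", reasons))
    return findings

# Constructed sample data: (registry key, value name, command line).
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"  # assumed autorun location
SAMPLE = [
    ("HKCU\\" + RUN, "Updater",
     r'wscript.exe //B "C:\Users\alice\AppData\Roaming\example.vbs"'),
    ("HKCU\\" + RUN, "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("HKLM\\" + RUN, "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("HKCU\\" + RUN, "Notes", r"%APPDATA%\notes\sync.js"),
    ("HKLM\\" + RUN, "Inventory", r"cscript.exe C:\Scripts\inventory.vbs"),
]

if __name__ == "__main__":
    for name, severity, reasons in triage_autoruns(SAMPLE):
        print(f"{severity:6} {name}: {'; '.join(reasons)}")
```

Entries scored "review" (a script host started from a non-user path) are often legitimate administrative scripts and need a human look rather than automatic removal.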

Additionally, the Dinihou worm might be used to inject corrupted code like JS:Trojan.Crypt.EM and HTML/ScrInject.B.Gen into the infrastructure of legitimate websites. There are cases where the Dinihou malware may use administrator privileges to flag its files as system files and hide them on your hard drive. Malware researchers note that the code used in Dinihou is obfuscated with Base64 encoding and may have an additional layer of obfuscation applied with the Safa7_22_Crypter. An interesting feature of the Dinihou worm is that it can download a corrupted binary from compromised websites directly to infected PCs. Users should employ the services of a trustworthy anti-malware suite to prevent the Dinihou worm from infiltrating their systems.
