Datom is a network worm discovered early July. InVircible
uses are inherently protected against Datom. It spreads
to shared network resources. The worm consists of 3 files,
they are:
- MSVXD.EXE
- MSVXD16.DLL
- MSVXD32.DLL
MSVXD.EXE is the first component which loads the worm by
loading the MSVXD16.DLL library. The MSVXD16.DLL then loads
the MSVXD32.DLL component, which spreads the worm.
If there is file called "Win.ini" in Windows
directory, Datom writes "MSVXD.EXE" string in
the "Run" section of this file, otherwise it creates
a link file pointing to MSVXD.exe and called "VxD Manager.lnk"
in the common ("All users") Startup directory
on the remote computer.
Back
