Panda Software Reports the Appearance of Densux Worm

Panda Software’s Virus Laboratory has detected the appearance of Densux (W32/Densux) a new e-mail worm. This new malicious code spreads via e-mail, sending itself out to all addresses in Outlook’s Address Book.

Densux exploits a know vulnerability in Microsoft Internet Explorer to run automatically simply when the infected message is viewed in the Preview Pane. Panda Software’s antivirus solutions detect this vulnerability, known as -Exploit/Iframe- preventing the worm from running, even if the Microsoft patch, which fixes the flaw has not been installed.

When Densux runs, it creates a file called Scandisk.exe in the Windows directory, along with another executable with a name generated at random. The worm also makes an entry in the Windows Registry to ensure it is run on every system start-up.

Densux also has traditional virus characteristics, as it infects and copies part of its code to PE files.

Panda Software’s Tech Support services have received a number of reported incidents involving Densux, and the company therefore advises users to update their antivirus solutions. Panda Software users can now download this update, which ensures their antivirus detects and eliminates this malicious code, from the company’s website at http://www.pandasoftware.com.

More detailed information about this worm is available in Panda Software’s Virus Encyclopedia at: http://www.pandasoftware.com/virus_info/.