
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Dadobra.ASC

 
Threat Level: Low threat
Damage: High
Distribution: Not widespread

Effects 

Dadobra.ASC passes itself off as a legitimate program from a certain Brazilian banking entity and asks users to enter certain data about their bank account.

It follows the routine below:

  • It reaches the computer in a file with the following icon:

  • When it is run, a window is displayed recommending that users install a program which offers more security for Internet banking transactions:

  • If the Confirm button is pressed, a window is displayed requesting the user's banking data, such as the account holder and account number, among others:

  • Once the information is entered, a message is displayed indicating the security component has been installed successfully:

  • The Trojan does not verify this data, that is, it does not check whether it is true or not, but it stores it anyway. Therefore, it could be used for malicious purposes.
  • This false security update is only a ruse it uses to enter the computer. During the installation process, it downloads several malicious files from a certain IP address.
  • These files monitor network traffic and are activated when users access the websites of certain Brazilian banking entities, in order to steal the data entered in them.
  • This information is then sent to a certain website which the malware creator can access.

Infection strategy 

Dadobra.ASC creates two files with a random name and with an EXE extension in the Windows system directory.

 

In addition, it creates an entry in the Windows Registry so that these files are run automatically whenever Windows is started.

Means of transmission 

Dadobra.ASC reaches the computer in an email message which seems to have been sent by a certain Brazilian banking entity.

However, Dadobra.ASC does not spread automatically by its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, USB devices, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Further Details  

Dadobra.ASC is 694,784 bytes in size.