Free Web Hosting Provider - Web Hosting - E-commerce - High Speed Internet - Free Web Page
Search the Web

Database : Wscript.KakWorm
Wscript.KakWorm
Virus Name: Wscript.KakWorm
Aliases: VBS.Kak.Worm, VBS.Kak.Worm.dr, Kagou-Anti-Krosoft, VBS/Kakworm, Wscript.Kak.A, JS/Kak, JS/Kak.worm, Mid/Kakworm, JS.Kakworm, VBS_Kakworm.A
Type: Worm
Resident: No
Stealth: No
Trigger: First of any month at 5pm
Payload: Modifies the registry keys and shuts down Windows
Comments:

Wscript.KakWorm is a worm. It spreads using Microsoft Outlook Express. The worm attaches itself to all outgoing messages using the Signature feature of Outlook Express. Signatures enable you to automatically append information at the end of all outgoing messages.

This worm uses three files to deliver its payload. The file extensions are:

  • .hta
  • .reg
  • .bat

The message that contains this worm is written in an HTML format that supports scripting. It uses a security hole in Microsoft Outlook/Outlook Express that is known as "Scriptlet TypeLib," and it places a shortcut to an .hta file in the StartUp folder. The next time the computer is restarted, the .hta file is run.

Copyright © 2001, All Rights Reserved.
Created & Maintained by VQUEST.