Kak Worm - An Internet Virus by Mayur Kamat SignUp
Boloji.com

Channels

In Focus

 
Analysis
Cartoons
Education
Environment
Opinion
Photo Essays
 
 

Columns

 
A Bystander's Diary
Business
Random Thoughts
 
 

Our Heritage

 
Architecture
Astrology
Ayurveda
Buddhism
Cinema
Culture
Festivals
Hinduism
History
People
Places
Sikhism
Spirituality
 
 

Society & Lifestyle

 
Health
Parenting
Perspective
Recipes
Society
Teens
Women
 
 

Creative Writings

 
Book Reviews
Computing
Ghalib's Corner
Humor
Individuality
Literary Shelf
Love Letters
Memoirs
Quotes
Stories
Travelogues
Workshop
 
 
Computing Share This Page
Kak Worm - An Internet Virus
by Mayur Kamat Bookmark and Share


In the ongoing series on computer viruses, we have already given considerable attention to the anatomy of a virus, its symptoms and modes of infection. In this article, I am going to talk on worms. These are a special type of viruses in the sense that they are more to annoy you rather than cause destruction. We will also take a look at kak.worm, the latest offering of the underground in this category.

A worm is a self-contained program or set of programs that can propagate from one machine to another. Unlike a virus, the computer worm does not need to modify a host program to spread. First notable instance of a worm is the Internet Worm, which supposedly originated in 1988. It infected almost 6000 machines connected to the Internet running Sun OS and UNIX. This figure may not sound alarming today when there are millions of machines connected to the net but it was a total chaotic situation then when the ration of infected machines to the total was substantial.

The most important characteristic of a worm is that it must be able to send one or more executable program/s to target client machines connected to a network before it can function. After the worm establishes itself, and is executing on a new machine, it can then spread to other machines on the Internet. Earlier versions of Win 95 (OSR1) did not provide remote execution facility and hence the number of worms for the PC platform was few. But today, worms are lot more intelligent than they used to be. Written mostly in Visual Basic script (VBScript), they today use intelligent algorithms to avoid detection and promote mass spread.

Today, worms use email clients as their mode of infection. The actual modus operandi may vary from worm to worm. I take the case of kak.worm to illustrate the way a worm spreads and executes:

Method of Infection

Kak.worm consists of the main .vbs file Kak.htm which resides in the Windows folder along with Kak.reg which contains all the configuration of the worm. This attaches the kak.htm as a signature to all outgoing mails of the infected computer. This signature is not visible and it needs not be executed in order to get infected as uses the loophole in Outlook Express preview window. So as soon as you view the mail, you are infected.

How does the Worm work?

The worm adds a .HTA file in the Windows/system folder. There is a registry key in the Run folder (Run Regedit.exe and then go to Local Machine/software/Microsoft/Windows/Current Version/Run) which starts this HTA file each time Windows starts or reboots. Also the Autoexec.bat is modified and a entry is added in the startup folder. So it attacks from 3 directions (registry, autoexec and startup), in case one fails.

What does it do?

As said earlier, it does not cause data loss. It gives an irritating Driver Memory Error on startup and sends itself along with all your emails.

How do I remove it?

Change Folder options to show all files. Then deleted kak.htm and kak.reg from windows folder and the .hta file from system folder. Then remove the registry key of the .hta file from the previously specified location. Delete the startup entry and the entry in the Autoexec.bat. If you are not comfortable with registry editing, you can go to Symantec.com and search there for kak.worm. They have a patch to remove kak. To fix the Outlook Express preview loophole go to Microsoft.com. There are lot of valuable resources on viruses on the Net. Check the Virus section of links. Also searching for kak.worm on Google.com may give you what more you are looking for.

Next time, we shall take a look on Email Virus Hoaxes. Till then hang on.

Share This:
29-Jul-2001
More by :  Mayur Kamat
 
Views: 2846      Comments: 0




Name *
Email ID
 (will not be published)
Comment
Characters
Verification Code*
Can't read? Reload
Please fill the above code for verification.
 
Top | Computing



 
 
 
 
 
 
 
2018 All Rights Reserved
 
No part of this Internet site may be reproduced without prior written permission of the copyright holder
.