Kak Worm - An Internet Virus

In the ongoing series on computer viruses, we have already given considerable attention to the anatomy of a virus, its symptoms and modes of infection. In this article, I am going to talk about worms. These are a special type of virus in the sense that they are meant more to annoy you than to cause destruction. We will also take a look at kak.worm, the latest offering of the underground in this category.

A worm is a self-contained program or set of programs that can propagate from one machine to another. Unlike a virus, a computer worm does not need to modify a host program to spread. The first notable instance of a worm is the Internet Worm, which supposedly originated in 1988. It infected almost 6000 machines connected to the Internet running Sun OS and UNIX. This figure may not sound alarming today, when there are millions of machines connected to the net, but the situation then was chaotic because the ratio of infected machines to the total was substantial.

The most important characteristic of a worm is that it must be able to send one or more executable programs to target client machines connected to a network before it can function. After the worm establishes itself and is executing on a new machine, it can then spread to other machines on the Internet. Earlier versions of Win 95 (OSR1) did not provide a remote execution facility, and hence there were few worms for the PC platform. But today, worms are a lot more intelligent than they used to be. Written mostly in Visual Basic script (VBScript), they now use intelligent algorithms to avoid detection and promote mass spread.

Today, worms use email clients as their mode of infection. The actual modus operandi may vary from worm to worm. I take the case of kak.worm to illustrate the way a worm spreads and executes:

Method of Infection

Kak.worm consists of the main .vbs file Kak.htm, which resides in the Windows folder, along with Kak.reg, which contains all the configuration of the worm. The worm attaches kak.htm as a signature to all outgoing mails from the infected computer. This signature is not visible, and it need not be executed in order to infect the recipient, as it uses a loophole in the Outlook Express preview window. So as soon as you view the mail, you are infected.

How does the Worm work?

The worm adds a .HTA file in the Windows/system folder. There is a registry key in the Run folder (run Regedit.exe and then go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run) which starts this HTA file each time Windows starts or reboots. Autoexec.bat is also modified, and an entry is added in the startup folder. So it attacks from 3 directions (registry, autoexec and startup), in case one fails.

What does it do?

As said earlier, it does not cause data loss. It gives an irritating Driver Memory Error on startup and sends itself along with all your emails.

How do I remove it?

Change Folder options to show all files. Then delete kak.htm and kak.reg from the Windows folder and the .hta file from the system folder. Then remove the registry key of the .hta file from the previously specified location. Delete the startup entry and the entry in Autoexec.bat. If you are not comfortable with registry editing, you can go to Symantec.com and search there for kak.worm. They have a patch to remove kak. To fix the Outlook Express preview loophole, go to Microsoft.com. There are a lot of valuable resources on viruses on the Net. Check the Virus section of links. Also, searching for kak.worm on Google.com may give you whatever more you are looking for.
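The checks from the two sections above (the Run key, Autoexec.bat, the startup folder and the dropped files) can be run in one pass over a copy of the drive and an exported registry file. This is an added example, not code from the original article; the file names EXAMPLE1.HTA and EXAMPLE2.HTA, the sample registry export and the assumption that the Autoexec.bat line mentions the .hta file are constructed for illustration.

```python
import tempfile
from pathlib import Path

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# Constructed sample data: the page does not name the .hta file or the startup entry.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"EXAMPLE1"="C:\\WINDOWS\\SYSTEM\\EXAMPLE1.HTA"
'''
SAMPLE_FILES = {
    "AUTOEXEC.BAT": "@ECHO OFF\nC:\\WINDOWS\\SYSTEM\\EXAMPLE1.HTA\n",
    "WINDOWS/KAK.HTM": "", "WINDOWS/KAK.REG": "", "WINDOWS/WIN.INI": "",
    "WINDOWS/SYSTEM/EXAMPLE1.HTA": "", "WINDOWS/Start Menu/Programs/StartUp/EXAMPLE2.HTA": "",
}

def run_key_hta_values(reg_text):
    """Return (name, data) pairs under the Run key whose data mentions a .hta file."""
    hits, in_run = [], False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            in_run = line.strip("[]").lower() == RUN_KEY
        elif in_run and "=" in line and ".hta" in line.lower():
            name, data = line.split("=", 1)
            hits.append((name.strip('"'), data.strip('"')))
    return hits

def triage(root, reg_text):
    """Check the registry, Autoexec.bat and startup routes plus the dropped files."""
    found = {"registry": run_key_hta_values(reg_text), "autoexec": [], "startup": [], "files": []}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        name, parent = path.name.lower(), path.parent.name.lower()
        if name == "autoexec.bat":  # assumption: the added line mentions the .hta
            lines = path.read_text(errors="replace").splitlines()
            found["autoexec"] += [l.strip() for l in lines if ".hta" in l.lower()]
        elif parent == "startup":  # entry name unknown, so list all for review
            found["startup"].append(path.name)
        elif (parent == "windows" and name in ("kak.htm", "kak.reg")) or \
             (parent == "system" and name.endswith(".hta")):
            found["files"].append(path.name)
    return found

def demo():  # builds the constructed tree in a temp directory and triages it
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return triage(tmp, SAMPLE_REG)
```

An empty result in all four lists means none of the locations described above holds a matching entry; startup entries are listed without filtering, so legitimate ones will appear there too.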

Next time, we shall take a look at Email Virus Hoaxes. Till then, hang on.

– Mayur Kamat
July 29, 2001



Boloji.com is owned and managed by Boloji Media Inc
