Kak Worm - An Internet Virus
by Mayur Kamat
 


In the ongoing series on computer viruses, we have already given considerable attention to the anatomy of a virus, its symptoms and modes of infection. In this article, I am going to talk about worms. These are a special type of virus in the sense that they are meant more to annoy you than to cause destruction. We will also take a look at kak.worm, the latest offering of the underground in this category.

A worm is a self-contained program or set of programs that can propagate from one machine to another. Unlike a virus, a computer worm does not need to modify a host program to spread. The first notable instance of a worm is the Internet Worm, which supposedly originated in 1988. It infected almost 6000 machines connected to the Internet running Sun OS and UNIX. This figure may not sound alarming today, when there are millions of machines connected to the net, but the situation was chaotic then, when the ratio of infected machines to the total was substantial.

The most important characteristic of a worm is that it must be able to send one or more executable programs to target client machines connected to a network before it can function. After the worm establishes itself and is executing on a new machine, it can then spread to other machines on the Internet. Earlier versions of Win 95 (OSR1) did not provide a remote execution facility, and hence there were few worms for the PC platform. But today, worms are a lot more intelligent than they used to be. Written mostly in Visual Basic Script (VBScript), they use intelligent algorithms to avoid detection and promote mass spread.

Today, worms use email clients as their mode of infection. The actual modus operandi may vary from worm to worm. I will take the case of kak.worm to illustrate the way a worm spreads and executes:

Method of Infection

Kak.worm consists of the main .vbs file, Kak.htm, which resides in the Windows folder, along with Kak.reg, which contains all the configuration of the worm. The worm attaches kak.htm as a signature to all outgoing mail from the infected computer. This signature is not visible, and it need not be executed for the recipient to get infected, as it uses the loophole in the Outlook Express preview window. So as soon as you view the mail, you are infected.

How does the Worm work?

The worm adds a .HTA file in the Windows/system folder. There is a registry key in the Run folder (run Regedit.exe and then go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run) which starts this HTA file each time Windows starts or reboots. Autoexec.bat is also modified, and an entry is added in the startup folder. So it attacks from 3 directions (registry, autoexec and startup), in case one fails.

What does it do?

As said earlier, it does not cause data loss. It gives an irritating Driver Memory Error on startup and sends itself along with all your emails.

How do I remove it?

Change Folder Options to show all files. Then delete kak.htm and kak.reg from the Windows folder and the .hta file from the system folder. Then remove the registry key of the .hta file from the previously specified location. Delete the startup entry and the entry in Autoexec.bat. If you are not comfortable with registry editing, you can go to Symantec.com and search there for kak.worm. They have a patch to remove kak. To fix the Outlook Express preview loophole, go to Microsoft.com. There are a lot of valuable resources on viruses on the Net. Check the Virus section of links. Searching for kak.worm on Google.com may also give you whatever more you are looking for.
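
The files and the three startup locations listed above can be checked offline against a copy of the Windows folder, a text export of the Run key and the contents of Autoexec.bat. This is an added example, not part of the original article or any vendor tool. The article does not name the .HTA file or the startup entry, so matching on "kak" or the .hta extension is an assumption, as are the function names and the constructed sample data.

```python
import re
from pathlib import Path

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# Assumption: the article names no .HTA file, so match on "kak" or the extension.
SUSPECT = re.compile(r"kak|\.hta\b", re.IGNORECASE)
VALUE = re.compile(r'^"(.+?)"="(.*)"$')

def scan_tree(windows_dir):
    """kak.htm / kak.reg, plus any .hta file, anywhere under the Windows folder."""
    root = Path(windows_dir)
    hits = []
    for p in sorted(root.rglob("*")):
        name = p.name.lower()
        if p.is_file() and (name in ("kak.htm", "kak.reg") or name.endswith(".hta")):
            hits.append(p.relative_to(root).as_posix())
    return hits

def scan_run_key(reg_export):
    """Names of Run-key values in a REGEDIT4 export whose data matches SUSPECT."""
    hits, in_run = [], False
    for line in map(str.strip, reg_export.splitlines()):
        if line.startswith("["):
            in_run = line.strip("[]").lower() == RUN_KEY
        elif in_run and (m := VALUE.match(line)) and SUSPECT.search(m.group(2)):
            hits.append(m.group(1))
    return hits

def scan_autoexec(text):
    """1-based numbers of Autoexec.bat lines that match SUSPECT."""
    return [n for n, line in enumerate(text.splitlines(), 1) if SUSPECT.search(line)]

# Constructed sample inputs, not taken from a real infection.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"example"="C:\\WINDOWS\\SYSTEM\\EXAMPLE.hta"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"other"="C:\\other.hta"
'''
SAMPLE_AUTOEXEC = "@echo off\nSET PATH=C:\\WINDOWS\nC:\\WINDOWS\\SYSTEM\\EXAMPLE.hta\n"

if __name__ == "__main__":
    print("Run key values to review:", scan_run_key(SAMPLE_REG))
    print("Autoexec.bat lines to review:", scan_autoexec(SAMPLE_AUTOEXEC))
```

Every hit is a lead to review by hand before deleting anything, since legitimate .hta files and Run entries can exist on a clean machine.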

Next time, we shall take a look at Email Virus Hoaxes. Till then, hang on.

29-Jul-2001