Kak worm

KAK (Kagou Anti Krosoft) is a 1999 JavaScript worm that uses a bug in Outlook Express to spread itself.[1]

Behavior

On the first day of every month, at 5:00 pm, the worm uses SHUTDOWN.EXE to initiate a shutdown and shows a popup with the text "Kagou-anti-Kro$oft says not today!". A minimized window with the title "Driver Memory Error" often appears on startup, and another message saying "S3 Driver Memory Alloc Failed!" occasionally pops up. To make Windows launch it on startup, the worm also adds the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cAg0u and edits AUTOEXEC.BAT.

The worm adds these commands to AUTOEXEC.BAT:

@ECHO off C:\Windows\Start Menu\Programs\StartUp\kak.hta
DEL C:\Windows\Start Menu\Programs\StartUp\kak.hta
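
As an added example (not part of the original article), the persistence artifacts named above can be checked during offline triage of a disk image. The function names, the use of a REGEDIT4-style text export, and the sample inputs are assumptions constructed for illustration; the registry value data is a placeholder because the article does not give it.

```python
import re

# Indicators taken from the article text above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE = "cAg0u"
DROPPED_FILE = "kak.hta"

# Constructed sample inputs (not captured from a real system).
SAMPLE_AUTOEXEC = (
    "SET PATH=C:\\WINDOWS;C:\\WINDOWS\\COMMAND\n"
    "@ECHO off C:\\Windows\\Start Menu\\Programs\\StartUp\\kak.hta\n"
    "DEL C:\\Windows\\Start Menu\\Programs\\StartUp\\kak.hta\n"
)
SAMPLE_REG = (
    "REGEDIT4\n\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
    '"SystemTray"="SysTray.Exe"\n'
    '"cAg0u"="PLACEHOLDER-DATA"\n'
    "\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce]\n"
    '"cAg0u"="not-under-Run"\n'
)


def scan_autoexec(text):
    """Return (line_number, line) for AUTOEXEC.BAT lines that mention kak.hta."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        if DROPPED_FILE in line.lower():
            hits.append((number, line.strip()))
    return hits


def scan_reg_export(text):
    """Return the raw data of any cAg0u value under the Run key in a .reg export."""
    hits, section = [], None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:  # a new key section starts here
            section = header.group(1)
            continue
        value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        # Registry key and value names are case-insensitive.
        if value and section and section.lower() == RUN_KEY.lower():
            if value.group(1).lower() == RUN_VALUE.lower():
                hits.append(value.group(2))
    return hits
```

A hit from either function only shows that the artifact described in the article is present; the same value name under a different key, such as the RunOnce entry in the sample, is deliberately not reported.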

References

This article is issued from Wikipedia - version of the 3/20/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.