TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_OPASERV.A
Overview
Solution

Malware type: Worm

Aliases: Net-Worm.Win32.Opasoft.a (Kaspersky), W32.Opaserv.Worm (Symantec), Worm/OpaSoft.AA (Avira), W32/Opaserv-A (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Infection Channel 1 : Propagates via network shares

Infection Channel 2 : Propagates via software vulnerabilities

Description: 

This worm takes advantage of the Share Level Password vulnerability on Windows systems to propagate via network shared C:\ drives. This vulnerability allows a remote user to access a Windows 9x/ME shared file without having to know the entire password assigned to that share. More information on this vulnerability is available at:

This worm attempts to download what appears to be updated copies of itself from a certain site. At this time of writing, the download site is not accessible and is either blocked or currently down.

It drops and executes the file flcss.exe, which is detected by Trend Micro as PE_Funlove.4099, in the Windows system folder.

Moreover, it scans for the computer name and domain name of machines connected to the network, and then sends this information to the download site.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 30, 2002 3:26:44 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.