WORM_OPASERV.N
Overview

Malware type: Worm

Aliases: Trojan.Win32.OpaKill.b (Kaspersky), W32/Opaserv.worm.n (McAfee), W32.Opaserv.K.Worm (Symantec), Worm/OpaSoft.H (Avira), W32/Opaserv-H (Sophos)

In the wild: No

Destructive: No

Language: English

Platform: Windows 95/98/ME/NT/2000/XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This destructive, memory-resident worm is a slightly modified build of WORM_OPASERV.M. Like earlier OPASERV variants, this malware propagates via shared network drives. Its destructive payloads are executed when the system date is between December 24 and 31 or when the year is greater than 2002.

This worm deletes files, overwrites the boot sector, and destroys the CMOS, a critical system element which holds hardware configuration and initialization settings. These payloads leave infected systems practically unusable.

It also attempts to insert code in the WIN.INI configuration file to execute its component and modifies the registry so that it automatically executes on every Windows startup.

This worm utilizes a known exploit that enables malicious users to access shared drives, as discussed in a security bulletin from Microsoft.

This worm runs on all Windows platforms.

Trend Micro antivirus detects this malware as TROJ_WINKILL.A with pattern file 413.

For additional information about this threat, see:
Solution
Technical Details

Description created: Feb. 2, 2003 5:06:18 AM GMT -0800
Description updated: Feb. 2, 2003 5:29:18 AM GMT -0800
