WORM_RONTOKBRO.J
Overview

Malware type: Worm

Aliases: W32/Rontokbro, Win32/Robknot.Variant!Worm

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

High

Infection Channel 1: Propagates via email


Description: 

This worm propagates by sending a copy of itself as an attachment to email messages. It gathers target email addresses by searching an affected system for files with certain extensions.

The email it sends out has the following details:

Subject: {blank}
Attachment: Kangen.exe

Notably, it avoids sending messages to email addresses containing strings that can mostly be attributed to antivirus and security companies. Skipping these addresses helps the worm avoid early detection on the compromised system.
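The message traits listed above (blank subject, attachment named Kangen.exe) can be screened for at a mail gateway. The following Python sketch is an added example, not part of the original description or of any Trend Micro tooling; the function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators from the description above: blank subject, attachment Kangen.exe.
WORM_ATTACHMENT = "kangen.exe"


def attachment_names(msg):
    """Lower-cased base filenames of every MIME part that carries a filename."""
    names = []
    for part in msg.walk():  # walks nested multipart containers too
        filename = part.get_filename()  # handles RFC 2231 encoded parameters
        if filename:
            # Drop any client-supplied directory prefix before comparing.
            base = filename.replace("\\", "/").rsplit("/", 1)[-1]
            names.append(base.strip().lower())
    return names


def matches_worm_mail(raw_bytes):
    """True when the subject is blank or missing AND Kangen.exe is attached."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    return subject == "" and WORM_ATTACHMENT in attachment_names(msg)


def build_sample(subject, filename):
    """Constructed test message; the payload is harmless placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    if subject:
        m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = {
        "blank subject + Kangen.exe": build_sample("", "Kangen.exe"),
        "blank subject + report.pdf": build_sample("", "report.pdf"),
        "normal subject + Kangen.exe": build_sample("Hello", "Kangen.exe"),
    }
    for label, raw in samples.items():
        print(f"{label}: {'QUARANTINE' if matches_worm_mail(raw) else 'pass'}")
```

Requiring both traits keeps false positives low; a gateway that already blocks executable attachments would catch the message on the attachment alone.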

This worm modifies the AUTOEXEC.BAT file, causing affected systems to pause at startup. The user must then press any key to resume the startup process.

It also disables the Folder Options item in the Tools drop-down menu of the Windows Explorer main menu bar and in Control Panel. This prevents the affected user from changing settings such as displaying hidden folders and displaying file paths in title bars.

Furthermore, this worm restarts the affected system if it finds an open window with the strings .EXE and/or Registry in the title bar. Hence, if a user opens Registry Editor or any other executable file, this worm restarts the system.

This worm uses a Windows folder icon to trick affected users into believing that it is a normal or legitimate folder. When it is clicked, it also opens a Windows Explorer window to hide its execution routines.


Description created: Oct. 25, 2005 3:36:41 AM GMT -0800
