VIRUS-DISCUSSION-L Archives
Archiver > VIRUS-DISCUSSION > 2000-03 > 0953870511
From:
Subject: Re: [VIRUS] My first Virsu
Date: Thu, 23 Mar 2000 23:01:51 EST
Whooops!!
Also found it is not only MS IE 5 that is affected, but also Netscape
Navigator:
http://vil.nai.com/vil/wsh10509.asp
The email spreading method is possible by a registry modification which adds
a signature to MS Outlook Express 5. The signature is set to include the file
"C:\WINDOWS\kak.htm" and is set as the default signature such that the worm
is spread on all outgoing email if the signature is included.
The contents of the HTM file are just a small file which consists of script
to run the KAK.HTA file which already exists on the target machine. The code
looks specifically for browser versions IE5 or NetScape Navigator higher than
v4.0. Finally this worm also has a payload which is date activated.
Gloria
This thread:
| Re: [VIRUS] My first Virsu by |