An Unattached Virus
The KakWorm, first identified in December of 1999, continues to occasionally infect computer users. The KakWorm, unlike most viruses, does not appear in attachments. This virus takes advantage of a security lapse in Microsoft's Outlook, Outlook Express, and Internet Explorer. By taking advantage of ActiveX and the Windows Scripting Host, the worm infects users who open infected HTML format email messages. The worm arrives embedded in an email message as the message HTML signature. The recipient of the message cannot see any visible symptoms as there is no displayable text in the signature.
Because the virus is not included as an attachment it is difficult to detect; it runs automatically when the infected message is opened or previewed. The KakWorm may also infect newsgroup postings, which are downloaded via the OE newsreader. Users of non-Microsoft browsers or mailers are not affected.
Recipients of infected messages may receive warnings such as the following:
- "Do you want to allow software such as ActiveX controls and plug-ins to run?" - Users should select NO.
- "Scripts are usually safe. Do you want to allow scripts to run?" - Again, users should select NO.
This virus will cause Windows shutdowns, and on the first of each month your system will display "Kagou-Anti-Kro$oft says not today" and run Windows shutdown.
Microsoft has issued a security bulletin and provided a patch that eliminates security vulnerabilities in two ActiveX controls.
Back to Virus Main Index
|
|
