Weekly Virus Report - Sory, Kickin, Winur Worms and AOL.Aim Trojan
Posted on 09.05.2003
This week’s report looks at four malicious code: the worms, Sory (W32/Sory), Kickin (W32/Kickin) and Winur (W32/P2P.Winur.C), and the Trojan AOL.Aim (Trj/PSW.AOL.Aim).

Sory obtains confidential information from the affected computer and sends it out to an Internet address. The data sent out by Sory includes the operating system version, the CPU number, type and speed, the amount of RAM and the e-mail address of the affected user. Similarly, Sory logs the keystrokes entered by the user of the infected computer and saves them in a file, which it also sends out. By doing this, the recipient of the message can access confidential information belonging to the user, such as the passwords for accessing certain services.

This worm spreads across networks and through computers with an English or Turkish operating system installed.

Winur.C is designed to spread rapidly through P2P (peer-to-peer) file sharing programs, such as WinMX, KaZaa or Edonkey. Once a machine is infected, the worm carries out a DoS (denial of service) attack against the www.whitepower.org web page, as well as deleting certain antivirus programs.


It also copies a lot of personal files from the infected computer to the P2P program shared directories. In this way, these files could be accessible to the virus author or any other user of these applications.

The Kickin worm spreads via e-mail using its own SMTP engine, although it also spreads via IRC and P2P applications. W32/Kickin infects Win9x, NT, 2000 and XP and is programmed in Microsoft Visual C 6.00. This worm scours the computer’s memory for a particular series of processes (related to security and antivirus software) and terminates those that it finds active.

The messages used by W32/Kickin try to trick users into running the infected file with references to topics such as SARS (Severe Acute Respiratory Syndrome), patches, love letters, games, photos of celebrities, etc.

W32/Kickin creates a script.ini file containing its code so as to spread via mIRC. It also copies itself to P2P application shared directories (KaZaA, Bearhsare, Edonkey2000 and Morpheus).

Finally, AOL.Aim is a Trojan that steals the access data of the users of the America On Line (AOL) instant messaging service. The data it obtains is the user name and password. It then sends this information to the virus author.

AOL.Aim uses various means to spread: e-mail messages with an infected document, computer networks, CD-ROMs, Internet downloads, FTP, floppy disks, etc.





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //