Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

Kakworm

 
Threat LevelModerate threatDamageHighDistributionNot widespread

Effects 

Kakworm carries out the following actions:

  • It activates the first day of every month, after five o'clock in the afternoon.
  • It displays a message on screen:

  • It restarts the computer when the user clicks on OK in the window displayed. This results in the loss of all the information that has not been saved since the start of the session.

Infection strategy 

Kakworm creates the following files:

  • KAK.HTA, in the Startup directory in only English and French versions of Windows:
    C:\ WINDOWS\ MENUDÉ~1\ PROGRA~1\ DÉMARR~1 for the French version.
    C:\ WINDOWS\ STARTM~1\ PROGRAMS\ STARTUP for the English version.
    By creating this file in those directories, Kakworm ensures that it is run whenever those operating systems are restarted.
  • KAK.REG, in the Windows directory. Kakworm uses this file to modify the Windows Registry.
  • KAK.HTM, in the Windows directory, when the computer is restarted after the infection. This is the file included in the AutoSignature of the messages sent from the affected computer. Kakworm activates when these messages are viewed through the Outlook Preview Pane.

Kakworm creates the following entries in the Windows Registry:

  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
    The value of this entry will point to the worm's file.
    By creating this entry, Kakworm ensures that it is run whenever Windows is started.
  • HKEY_CURRENT_USER\ Identities\ '+idn+'\ Software\ Microsoft\ Outlook\ Express\ 5.0\ Signatures
    where idn stands for an ActiveX registry key.
    These two entries are included in the file KAK.REG.

Means of transmission 

Kakworm spreads via e-mail. It follows the routine below:

  • It reaches the computer hidden in the AutoSignature of an e-mail message.
  • It activates when the content of the message is viewed through the Outlook Preview Pane. Kakworm will also be run if the message is opened.
  • It sends itself out, by adding itself to the AutoSignature of all the messages that are sent from the affected computer.

Further Details  

Kakworm is written in the programming language Visual Basic Script.