Welcome to the Virus Encyclopedia of Panda Security.
Lineage.KFS spreads to other computers by copying its code to other files or programs. It has damaging effects on the affected computer.
It avoids being detected by the user by using the following techniques:
- It terminates processes belonging to several security tools, such as antivirus programs and firewalls, so they cannot warn the user of the presence of this malware on the computer.
- It deletes the original file from which it was run once it is installed on the computer.
- It modifies system permissions in order to hide itself.
It captures certain information entered or saved by the user, with the corresponding threat to privacy:
- Passwords saved by certain Windows services.
Means of transmission
Propagation via mapped drives:
Lineage.KFS checks if the infected computer is connected to a network.
If so, it makes an inventory of all mapped drives and creates a copy of itself in each of them.
Propagation through shared network resources:
Lineage.KFS checks if the infected computer is connected to a network. If so, it tries to spread to the shared network drives.
To do this, it tries to gain access to these shared drives, using typical or easily guessed passwords.
Distribution of infected files:
Lineage.KFS does not spread automatically using its own means, but infects files of the following types:
They reach computers when previously infected files are distributed, entering computers through any of the usual channels: floppy disks, email messages with attachments, Internet download, files transferred via FTP, IRC channels, P2P file sharing networks, etc.
Lineage.KFS has the following additional characteristics:
- It is 109339 bytes in size.