White Papers
I-Worm.Kiray (Kaspersky)
Overview
Date: Tuesday, October 23, 2001
I-Worm.Kiray is a worm virus that spreads via the Internet using Microsoft Outlook. The worm appears as an email message with the attached file Kiray.EXE. When the EXE-file is run the worm modify some of the keys in the system registry:
HKCR\exefile\shell\open\command\
""="c:\windows\temp\Kiray.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDesktop=1
NoDrives=1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network\
NoNetSetup=1
This allows the worm to run its routine when running any EXE-file and after restarting the system, all icons from "Desktop" and disks icons from "My computer" are hidden.
Then the worm uses MAPI to spread itself via e-mail, by creating messages to all recipients in the Outlook address book.
| Publisher | Kaspersky Lab | File Format | HTML |
|---|---|---|---|
| Date Published | October 2001 | ||
| Format | White Papers | ||
| Topics |
|
||
-
Did you find this white paper useful? 1 out of 2 users found this white paper useful
White Paper RSS