Kak worm
Encyclopedia
KAK is 1999 a JavaScript
worm that uses a bug in Outlook Express
to spread itself.
On the first day of every month, at 5:00 pm, the worm uses shutdown.exe to initiate a shutdown and show a popup with text "Kagou-anti-Kro$oft says not today!". A minimized window often appears on startup with the title "Driver Memory Error". Another message saying "S3 Driver Memory Alloc Failed!" occasionally pops up. The worm also adds a registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cAg0u and edits autoexec.bat
to make Windows launch it on startup.
The worm adds these commands to autoexec.bat:
@echo off C:\Windows\Start Menu\Programs\StartUp\kak.hta
Del C:\Windows\Start Menu\Programs\StartUp\kak.hta
JavaScript
JavaScript is a prototype-based scripting language that is dynamic, weakly typed and has first-class functions. It is a multi-paradigm language, supporting object-oriented, imperative, and functional programming styles....
worm that uses a bug in Outlook Express
Outlook Express
Outlook Express is an email and news client that is included with Internet Explorer versions 4.0 through 6.0. As such, it is also bundled with several versions of Microsoft Windows, from Windows 98 to Windows Server 2003, and is available for Windows 3.x, Windows NT 3.51, Windows 95 and Mac OS 9...
to spread itself.
On the first day of every month, at 5:00 pm, the worm uses shutdown.exe to initiate a shutdown and show a popup with text "Kagou-anti-Kro$oft says not today!". A minimized window often appears on startup with the title "Driver Memory Error". Another message saying "S3 Driver Memory Alloc Failed!" occasionally pops up. The worm also adds a registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cAg0u and edits autoexec.bat
AUTOEXEC.BAT
AUTOEXEC.BAT is a system file found originally on DOS-type operating systems. It is a plain-text batch file that is located in the root directory of the boot device...
to make Windows launch it on startup.
The worm adds these commands to autoexec.bat:
@echo off C:\Windows\Start Menu\Programs\StartUp\kak.hta
Del C:\Windows\Start Menu\Programs\StartUp\kak.hta
External links
- VBS.KAK kak writeup and info at pchell.com
- Wscript.KakWorm on Symantec.com
- JS/Kak@M on McAfee