Class | Email-Worm |
Platform | Win32 |
Description |
Technical Details

This is a worm virus that spreads via the Internet using Microsoft Outlook. The worm appears as an email message with the attached file Kiray.EXE. When the EXE file is run, the worm modifies some of the keys in the system registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network

This allows the worm to run its routine when running any EXE-file and after restarting the system, all icons from “Desktop” and disk icons from “My computer”

Then the worm uses MAPI to spread itself via e-mail, by creating messages to all recipients in the Outlook address book:

Subject: Please make peace not war

The worm also tries to check Windows Address Book (WAB) which is registered in the system registry:
Finally the worm tries to remove all files in the following directories:
The worm is only fully functional if the attachment is saved by the user to the C:\WINDOWS\TEMP directory. Otherwise the worm cannot spread correctly from the infected machine, as the worm’s message is sent without the attached EXE file. |
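A mail-triage check built on the subject line and attachment name given above, as an added example that is not part of the original description. The function names, labels, sample messages and addresses are constructed for illustration; the check also covers the case noted above where the message arrives without the EXE attached.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators taken from the description above (compared case-insensitively).
SUBJECT = "please make peace not war"
ATTACHMENT = "kiray.exe"

def classify(raw):
    """Classify one raw RFC 5322 message against the two indicators."""
    msg = message_from_string(raw, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    names = {(part.get_filename() or "").strip().lower()
             for part in msg.walk() if not part.is_multipart()}
    if ATTACHMENT in names:
        return "worm-with-payload"
    if subject == SUBJECT:
        # Per the description, a copy not run from C:\WINDOWS\TEMP mails
        # itself without the EXE, so the subject alone is still flagged.
        return "worm-no-payload"
    return "clean"

def sample_message(subject, attachment=None):
    """Build a constructed test message; addresses are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "recipient@example.test"
    m["Subject"] = subject
    m.set_content("constructed body text")
    if attachment:
        m.add_attachment(b"constructed bytes, not a real binary",
                         maintype="application", subtype="octet-stream",
                         filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    for subj, att in [("Please make peace not war", "Kiray.EXE"),
                      ("Please make peace not war", None),
                      ("Quarterly report", "report.pdf")]:
        print(f"{subj!r:32} {att!s:12} -> {classify(sample_message(subj, att))}")
```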