
The Kidala worm tries everything

The Kidala.E worm's rapid spread is mainly due to the fact that it can attack target computers in many different ways.

The Kidala.E worm spreads primarily through email. It collects the required email addresses from the Windows Address Book and from files with various extensions. It also generates addresses from predefined name and domain lists. In addition to email, the worm can spread via instant messaging services, network shares, and file-sharing networks.

Kidala.E opens a backdoor on infected computers, which allows an attacker to perform the following actions:
- download and run files
- update and remove the worm
- initiate denial of service (DoS) attacks

Kidala.E stops the processes associated with security software and thus exposes infected computers to additional malware.

When the Kidala.E worm starts, it performs the following actions:

1. Creates the following file:
%System%\digsol.exe

2. Adds the value
“soldig” = “%System%\digsol.exe”
to the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

3. Creates the following registry key:
HKEY_CURRENT_USER\Software\Obsidium

4. Collects email addresses from the Windows address book and files with different extensions. It also generates random email addresses using predefined names and domains.

5. Sends itself to the collected addresses using its own SMTP component.

The subject of the infected emails may be one of:
[empty]
[random characters]
Error
Hello
hi
Mail Delivery System
Mail Transaction Failed
Server Report
Status

The attachment, with a .cmd, .scr, .bat, .exe, or .pif extension, may be named:
document
message
readme

6. Tries to spread through instant messaging services.

7. Attempts to exploit the vulnerabilities described in the following Microsoft security bulletins:
MS03-026
MS04-011
MS03-007
MS05-039

8. Attempts to spread through network shares, using predefined usernames and passwords.

9. Copies itself to the shared directories of file-sharing software.

10. Opens a backdoor through which attackers can perform malicious operations.

11. Stops processes associated with security software.
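A small detection helper built from the indicators listed above: it checks a registry export for the worm's Run value and marker key, and flags mail whose subject and attachment both match the worm's templates. This is an added example, not code from the original article; the registry export it scans is constructed, and the ExampleUpdater entry is a benign placeholder.

```python
import re

# Indicators from the write-up above: dropped file, Run value, marker key, mail templates.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "soldig"
DROPPED_FILE = "digsol.exe"
MARKER_KEY = r"HKEY_CURRENT_USER\Software\Obsidium"
SUBJECTS = {"error", "hello", "hi", "mail delivery system",
            "mail transaction failed", "server report", "status"}
ATTACHMENT_NAMES = {"document", "message", "readme"}
ATTACHMENT_EXTS = {"cmd", "scr", "bat", "exe", "pif"}

# Constructed .reg-style export for demonstration: one benign placeholder plus the worm's entries.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"soldig"="%System%\\digsol.exe"

[HKEY_CURRENT_USER\Software\Obsidium]
"""

def find_registry_indicators(reg_export: str) -> list[str]:
    """Walk a .reg export (keys in [brackets], values as "name"="data") and
    return the Kidala.E indicators it contains."""
    hits, current_key = [], None
    for line in reg_export.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            current_key = key.group(1)
            if current_key.lower() == MARKER_KEY.lower():
                hits.append(f"marker key present: {current_key}")
            continue
        val = re.fullmatch(r'"([^"]+)"="(.*)"', line)
        if val and current_key and current_key.lower() == RUN_KEY.lower():
            name, data = val.group(1), val.group(2).replace("\\\\", "\\")  # .reg doubles backslashes
            if name.lower() == RUN_VALUE_NAME or data.lower().endswith(DROPPED_FILE):
                hits.append(f"Run entry {name} -> {data}")
    return hits

def is_kidala_like_mail(subject: str, attachment: str) -> bool:
    """True when both subject and attachment match the worm's templates.
    An empty subject counts; the random-character subject variant cannot be matched."""
    subj = subject.strip().lower()
    stem, dot, ext = attachment.lower().rpartition(".")
    return (subj == "" or subj in SUBJECTS) and dot == "." \
        and stem in ATTACHMENT_NAMES and ext in ATTACHMENT_EXTS
```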
