
W32.Kangarootha Very serious

 
Old Apr 18th 2004, 1:23 am
  #1  
Thread Starter
 
Joined: Aug 2003
Posts: 11,149
Default W32.Kangarootha Very serious

Virus Summary
Virus Name Risk Assessment
W32.Kangarootha Very serious



Virus Information
Discovery Date: 20/08/2002
Origin: Queensland, Australia
Length: seriously small
Type: Virus, Internet worm
SubType: E-mail, Download,
Description Updated: 24/8/3002 8:43 AM



Virus Characteristics
WogLife Technical support urge all readers to be on the lookout for an extremely dangerous, destructive and downright embarrassing virus which has attacked several computers in recent hours.

Called Kangarootha, the worm arrives via an Internet email message with the following details:

Subject: Bro! It's fully sick
Attachment: That Chick from PIZZA naaaaaked.SCR


The attachment is a UPX packed PE file. When executed on the local machine, the following image is displayed whilst the worm copies itself to the System folder, and uses Outlook to propagate itself to all addresses found in the Outlook Address book:


The following Registry key is added to ensure the worm is executed at subsequent system startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
'stmgr' = C:\WINDOWS\SYSTEM\Im_a_shkippy_wannabe.scr

Upon restarting the machine, the worm does not propagate again, and the above image is not displayed. Instead the worm is intended to delete the following files from the infected machine:

*.COM and *.SYS from C:\
All R&B MP3 files located on the C: Drive


Kangarootha Virus
bondipom is offline  
Old Apr 18th 2004, 1:44 am
  #2  
ABCDiamond
Guest
 
Posts: n/a
Default V variant of Netsky

This one may be a bad one too..


V variant of Netsky
Although it has not caused a significant number of infections, it stands out for the means of transmission it uses.

Unlike the majority of worms, Netsky.V does not hide in an attached file and wait for the user to run it, but exploits a vulnerability to download itself from another computer that it has already infected.

Virus Encyclopedia


Microsoft Patch for this
 
Old Apr 18th 2004, 6:02 am
  #3  
Home and Happy
 
Pollyana's Avatar
 
Joined: Dec 2002
Location: Keep true friends and puppets close, trust no-one else...
Posts: 93,814
Default

So having just resurrected this little toy from its last breakdown, can you experts tell me if up-to-date Norton protects against these???
Pollyana is offline  
Old Apr 18th 2004, 6:22 am
  #4  
ABCDiamond
Guest
 
Posts: n/a
Default

Originally posted by Pollyana
So having just resurrected this little toy from its last breakdown, can you experts tell me if up-to-date Norton protects against these???
Not sure about Norton, as I don't use it.

But, for the first one, don't open any attachments! That saves many problems.

For the second, use the Microsoft patch update, I put the link on my post.
Even though the patch is dated Oct 2003, I only got an advice about the virus today, from my virus updates.

 
Old Apr 18th 2004, 6:32 am
  #5  
Banned
 
Joined: Mar 2003
Posts: 4,432
Default

Originally posted by Pollyana
So having just resurrected this little toy from its last breakdown, can you experts tell me if up-to-date Norton protects against these???
Unfortunately, the Kangarootha virus is extremely virulent and unquestionably has already escaped your computer during the optical transmission part of its life cycle.

Only known cure is to re-boot yourself.
Megalania is offline  
Old Apr 18th 2004, 12:36 pm
  #6  
Dutch expat/Aus citizen
 
Simone's Avatar
 
Joined: Apr 2003
Location: South East, Perth (was Holland)
Posts: 5,789
Default Re: W32.Kangarootha Very serious

Originally posted by bondipom

Virus Characteristics
WogLife Technical support urge all readers to be on the lookout for an extremely dangerous, destructive and downright embarrassing virus which has attacked several computers in recent hours.

Subject: Bro! It's fully sick
Attachment: That Chick from PIZZA naaaaaked.SCR




Kangarootha Virus

Only known cure is to re-boot yourself.
Simone is offline  
Old Apr 18th 2004, 12:46 pm
  #7  
ABCDiamond
Guest
 
Posts: n/a
Default

I think I should read these posts from Bondipom more carefully
 
Old Apr 18th 2004, 1:11 pm
  #8  
Dutch expat/Aus citizen
 
Simone's Avatar
 
Joined: Apr 2003
Location: South East, Perth (was Holland)
Posts: 5,789
Default

Originally posted by ABCDiamond
I think I should read these posts from Bondipom more carefully
lol!
I noticed the word Pizza....
And kangarootha sounded a bit suss too....
Oh and '...embarrassing virus...'

Simone is offline  
Old Apr 18th 2004, 11:01 pm
  #9  
Thread Starter
 
Joined: Aug 2003
Posts: 11,149
Default

Originally posted by ABCDiamond
I think I should read these posts from Bondipom more carefully
He he
Hope you did not forward it on to everyone in your address book. Somehow I cannot see your HDD being full of R&B mp3s

Polly, as long as you keep Norton up to date your PC should be protected. I would also make sure you run Windows Update regularly.

To protect against Kangarootha regular trips onto here and the odd flight to blighty should be enough preventative maintenance.
bondipom is offline  
Old Apr 18th 2004, 11:10 pm
  #10  
ABCDiamond
Guest
 
Posts: n/a
Default

Originally posted by bondipom
He he
Hope you did not forward it on to everyone in your address book. Somehow I cannot see your HDD being full of R&B mp3s
Yep, you're right I keep telling my wife that I can't find out how to download music !! But then again, now I am on unlimited downloads I suppose I could give it a whirl again.
The problem that I found with Kazaa, when I first used it, was that the recordings were not that good, so I gave up.

I get daily virus updates by email, and your one, at first glance, seemed in a very similar format, so I didn't even read it !!

But it was good
 
Old Apr 19th 2004, 3:21 am
  #11  
Thread Starter
 
Joined: Aug 2003
Posts: 11,149
Default

The alerts do arrive every few hours although pervasive viruses seem to arise twice a week. I would avoid Kazaa and try something like DC++ or e-mule.
bondipom is offline  
Old Apr 19th 2004, 4:07 am
  #12  
 
Joined: Jan 2003
Posts: 13,233
gedge has disabled reputation
Default

'Trust No One'
Not even bondipom!!!
gedge is offline  
Old Apr 19th 2004, 4:10 am
  #13  
Thread Starter
 
Joined: Aug 2003
Posts: 11,149
Default

Originally posted by JulesandChris
'Trust No One'
Not even bondipom!!!
Never trust a Pommie down Bondi.
bondipom is offline  
