W32.Kergez.A@mm

Risk Level 1: Very Low


Discovered: August 5, 2003
Updated: February 13, 2007 12:04:38 PM
Also Known As: I-Worm.Kergez [KAV]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


W32.Kergez.A@mm is a mass-mailing worm that sends itself to all the email addresses that it finds in the following files:
  • Files with the *.asp or *.ht* extensions.
  • Files located in any of the directories specified in the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.

The email messages will have the following characteristics:

Subject: (One of the following)
  • Are you vulnerable to identity theft!
  • Protects against viruses, worms, Trojans & hackers.
  • Position Virus Percentage by Occurrence...
  • Microsoft Software Update Services
  • Saves money with 12 months of fast free antivirus updates
  • Cleans and removes infected files
  • Now its even easier to reduce spam
  • The easy, automatic way to keep your PC virus free
  • Protects against Trojans hackers
  • Kisacasi AntiVirusleri update etmeyi unutmayin ;)
  • Protects against viruses
  • InternetExplorer security patch
  • Online hackers
Attachment: (One of the following)
  • WinXP_Virus_Patch.exe
  • Virusun_Ensesine_Tokat.exe
  • Sophos_Patch.exe
  • Flood_Protect.exe
  • TrendMicro_Patch.exe
  • InternetWorm_Clean.exe
  • Fprot_Patch.exe
  • Security.exe
  • PantaAntivirus_Patch.exe
  • DoS_Protect.exe
  • DDoS_Kill.exe
  • Virus_Research.exe
  • Kaspersky_Patch.exe
  • BullGuard_Patch.exe
  • Norton_Patch.exe
  • Virus_Cleaner.exe
  • Virus_Guard.exe
  • Protect.exe
  • Virus_Hunter_II.exe
  • Internet_Speed.exe
  • Virus_Block.exe
  • Antivir.exe
The worm attempts to terminate the processes of various programs, including antivirus software.

W32.Kergez.A@mm is written in Microsoft Visual C++ and is UPX-packed.
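
The subject and attachment lists above can be turned into a mail-filter check. The following is an added example, not part of the original write-up: it flags a message when an attachment name matches the list and raises confidence when the subject matches too. The function names, confidence labels and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicator lists copied from the write-up above.
SUBJECTS = {s.strip().lower() for s in """
Are you vulnerable to identity theft!
Protects against viruses, worms, Trojans & hackers.
Position Virus Percentage by Occurrence...
Microsoft Software Update Services
Saves money with 12 months of fast free antivirus updates
Cleans and removes infected files
Now its even easier to reduce spam
The easy, automatic way to keep your PC virus free
Protects against Trojans hackers
Kisacasi AntiVirusleri update etmeyi unutmayin ;)
Protects against viruses
InternetExplorer security patch
Online hackers
""".strip().splitlines()}
ATTACHMENTS = {n.lower() for n in """
WinXP_Virus_Patch.exe Virusun_Ensesine_Tokat.exe Sophos_Patch.exe Flood_Protect.exe
TrendMicro_Patch.exe InternetWorm_Clean.exe Fprot_Patch.exe Security.exe
PantaAntivirus_Patch.exe DoS_Protect.exe DDoS_Kill.exe Virus_Research.exe
Kaspersky_Patch.exe BullGuard_Patch.exe Norton_Patch.exe Virus_Cleaner.exe
Virus_Guard.exe Protect.exe Virus_Hunter_II.exe Internet_Speed.exe
Virus_Block.exe Antivir.exe
""".split()}

def classify(raw: bytes) -> str:
    """Return 'high', 'medium' or 'none' for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    names = {(p.get_filename() or "").strip().lower() for p in msg.walk()}
    if not names & ATTACHMENTS:
        return "none"      # the listed subjects alone are too generic to flag
    return "high" if subject in SUBJECTS else "medium"

def sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message with one harmless attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content("constructed sample body")
    m.add_attachment(b"not a real executable", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(classify(sample("Microsoft Software Update Services", "Norton_Patch.exe")))
```

Matching is case-insensitive on both fields; a subject match without a listed attachment name is deliberately not flagged, since several of the subjects are ordinary marketing phrases.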

Protection

  • Initial Rapid Release version August 6, 2003
  • Latest Rapid Release version March 31, 2009 revision 036
  • Initial Daily Certified version August 6, 2003
  • Latest Daily Certified version April 15, 2009 revision 048
  • Initial Weekly Certified release date August 6, 2003


Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: High

Writeup By: Scott Gettis