Threat Encyclopedia


JS/Kak

JS/Kak is a worm written in the scripting language JavaScript and probably comes from France. It was among the most widespread infiltrations. It works only with the English and French versions of Windows, and only if the operating system is installed in the directory "C:\WINDOWS".

To spread, the worm uses MS Outlook Express. Unlike most other worms, it does not add its body to the message as an attachment but embeds itself in an HTML-format message as a JavaScript program. When an infected email is opened or displayed in the preview pane, the script starts automatically and the worm takes control. This technique is very efficient because it requires no direct interaction from the user. In MS Outlook the worm activates itself and infects the system, but it is not able to spread.

During infection the worm creates the file KAK.HTM in the directory WINDOWS. It also creates a file with a random filename and the extension HTA in the same directory. In addition, it creates the file KAK.HTA in the directory STARTUP. When this causes the worm to be activated after a restart, it moves to the Windows directory, registers this new copy in the auto-run section of the registry and removes its first copy. It then registers itself in the MS Outlook Express section of the registry as the standard signature, which means that Outlook Express will automatically send the worm together with each new message. The worm has to take these steps to gain access to the system registry, which it can obtain only when it runs as a file on disk (from the Local Intranet Zone). To conceal its presence, the worm deletes its copy from the Windows Startup directory, since all programs located there are visible.

The worm manifests itself on the first day of a month, when it displays the following message after 5 o'clock in the afternoon:

Kagou-Anti-Kro$oft says not today!

and then it closes Windows.
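The file artifacts described above can be checked on a mounted disk image or a copied Windows directory. The following Python triage script is an added example, not part of the original entry or any Eset tool; the function names, the sample tree and the Startup folder layout are assumptions, and because the entry does not give the Startup path, the script looks for KAK.HTA anywhere under the Windows directory.

```python
import os
import tempfile

def scan_windows_dir(windows_dir):
    """Collect the file artifacts the entry describes, as paths relative to windows_dir."""
    findings = {"kak_htm": [], "kak_hta": [], "other_root_hta": []}
    root = os.path.abspath(windows_dir)
    for dirpath, _dirs, files in os.walk(root):
        at_root = os.path.abspath(dirpath) == root
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if lower == "kak.hta":
                findings["kak_hta"].append(rel)  # Startup copy, wherever Startup lives
            elif at_root and lower == "kak.htm":
                findings["kak_htm"].append(rel)
            elif at_root and lower.endswith(".hta"):
                findings["other_root_hta"].append(rel)  # candidate random-named copy
    for paths in findings.values():
        paths.sort()
    return findings

def verdict(findings):
    """Summarise the findings; random-named .HTA files alone only warrant review."""
    if findings["kak_htm"] or findings["kak_hta"]:
        return "named JS/Kak artifacts present"
    if findings["other_root_hta"]:
        return "review .HTA files in Windows directory"
    return "no file artifacts found"

def demo():
    """Run the scan over a constructed directory tree (not a real infection)."""
    with tempfile.TemporaryDirectory() as base:
        win = os.path.join(base, "WINDOWS")
        startup = os.path.join(win, "Start Menu", "Programs", "StartUp")  # assumed layout
        os.makedirs(startup)
        for rel in ("KAK.HTM", "A1B2C3D4.HTA", "NOTEPAD.EXE"):  # constructed empty files
            open(os.path.join(win, rel), "w").close()
        open(os.path.join(startup, "kak.hta"), "w").close()
        findings = scan_windows_dir(win)
        return findings, verdict(findings)

if __name__ == "__main__":
    result, summary = demo()
    print(summary)
    for kind, paths in result.items():
        print(kind, paths)
```

The script covers only the files named in the entry; the auto-run and Outlook Express signature registry entries it mentions need a separate check.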

© 1992-2004 Eset s.r.o. All rights reserved. No part of this encyclopedia may be reproduced, transmitted or used in any other way in any other form or by any means without prior permission from Eset.