Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically


W32.Supova.Worm, W32.Kitty.Worm, Worm.P2P.Surnova

Win32/Surnova.A is a worm spreading in the environment of the P2P (peer-to-peer) Kazaa network and MSN Instant Messenger.  Kazaa is an exchange system enabling file sharing via the Internet.  The worm is an executable file in the PE format having a file size of 40960 bytes.  It is written in Visual Basic, and requires for its operation the library MSVBVM60.DLL.  The worm lures a Kazaa or MSN Instant Messenger users into downloading and running its copy by using an attractive file-name.

When the file is run, a copy of the worm is place into the directory C:/Windows/Media randomly choosing the file name from the number of different options:

Gamecube Emulator (WORKS!!).exe
Grand theft auto 3 CD1 crack.exe
GTA3 crack.exe
Hack into any computer!!.exe
Half-life ONLINE key generator.exe
Half-life WON key generator.exe
KaZaA media desktop v2.0 UNOFFICIAL.exe
KaZaA spyware remover.exe
Key generator for all windows XP versions.exe
Key generator for over 1,000 applications (really!).exe
Macromedia dreamweaver MX (crack).exe
Macromedia key generator (all products).exe
Microsoft key generator, works for ALL microsoft products!!.exe
Microsoft Office XP (english) key generator.exe
Microsoft Office XP.iso.exe
Microsoft Windows XP crack pack.exe
Norton antivirus 2002.exe
Quake 4 BETA.exe
Star wars episode 2 downloader.exe
Warcraft 3 serial generator.exe
Warcraft 3 ONLINE key generator.exe
Windows XP key generator.exe
Windows XP serial generator.exe
Winrar + crack.exe
Winzip 8.0 + serial.exe
XBOX emulator (WORKS!!).exe

Simultaneously, the worm enables access to this directory to all users of the Kazaa network.  Then  Win32/Surnova.A copies itself into the directory C:/Windows using one of the  following names:


Then, the worm displays a fake error message:


© 1992-2004 Eset s.r.o. All rights reserved. No part of this encyclopedia may be reproduced, transmitted or used in any other way in any other form or by any means without prior permission from Eset.