Sophos

W32/Kickin-A

Aliases
  • W32/Kickin@MM
  • I-Worm.Cydog.c

Summary

Protection available since: 28 September 2003 09:46:44 (GMT)
Detected by: All Sophos products

Action

See the information on removing worms.

More information

W32/Kickin-A is a worm that sends itself to every address found in the Windows Address Book and in HTML and XML files.

W32/Kickin-A arrives in an email like those described below, although the subject line may be omitted or be different.

Subject: Feel the reason why we fall in love...
Message: It takes One minute to find someone special
One hour to like someone
1 Day to fall in love with someone
But it takes a lifetime to forget someone.

If you have ever been in love then you'll know about what i am talking.
If you wanne have that same old feeling then open the lovescreensaver and realise why we fall in love all the time...
Attached file: Love.scr

Subject: Api Hooking Tutorial...
Message: Did you wanted to learn how to api hook?
Here your chance!This tutorial explains all the basics AND moderate Api Hookings
Starting by hooking Registry Keys,Till hiding files from view in Windows Explorer
After reading this tut you can even start Windows RootKit Programming but ofcourse thats up to you to decide...

The Tutorial attached in this e-mail is for privat use only and may never be distributed under any curcumstances

Provided to you by: Webmaster<Webmaster@planet-source-code.com> and www.planet-source-code.com
Attached file: Api Hooking-Tutorial.exe

Subject: Fwd:Fwd:Whats really happening in bagdad
Message: ORIGINAL MESSAGE BODY:

FROM:<webmaster@screensavers.com>
DATE:Tuesday, May 06, 2003 13:37:31
TO:<flipbabe@hotmail.com>
SUBJECT:Fwd:Whats really happening in bagdad


Someone of the britisch army has made some Secret Spy Cam pics,and uploaded it to the internet!!
The pics show you exactly whats reall happened in Irak!Its really not what you've seen on tv!
Check out the attached file and forward this to as much friends so that they can all see what has really happened in Irak.

FlipBabe xxx
Attached file: Saddam-the real pics.scr

Subject: Get the new Msn 5.1!
Message: Tired of the little nicknames in Msn,tired of all the limits?
Well we've got news for you,Msn 5.1 is the newest and best msn messenger ever!
It allows nicknames up to 500 characters and has many new functions who will make your cyberlife easyier and better!
Msn Messenger 5.1 is avaible for following Operating Systems:
Windows Xp
Windows ME and 2000
Windows 98 and NT
Is not avaible for:Windows 95

This version of msn messenger supports also Api's in Windows Xp so you can make your own addons.
To download Msn Messenger 5.1 install the attached Root Setup.

WARNING:MSN MESSENGER IS NOT AVAIBLE FOR DOWNLOAD AT OUR WEBSITE DUE TO JURIDICAL RESTRICTIONS,IF YOU WANT IT YOU'LL HAVE TO INSTALL THE ROOT SETUP. If you don't want to install it then you'll have to wait for another 5 weeks because of the juridical restricions.
Please do not forward this email.Every user who has Msn Messenger installed will receive this email sooner or later,so its up to them to decide to use the new version of not


Sincerely yours:
The Msn Messenger Team
The Hotmail Team
Attached file: MsnMsgs.exe

Subject: Do you remember last summer
Message: hi
Do you remember we met last summer?
We became very good friends at the end huh!
Well i looked a bit over internet and i encountered your Email,so i thought why not send him the pics from last summer
I've attached them in this email,there in ScreenSaver format,pls reply to me if you liked them
See you soon again xxx
Love ya...
Attached file: Last Summer.scr

Subject: Christina Aguilera:The most beautiful girl on earth
Message: Don't you think Christina Aguilera is the most beautiful girl on earth?
She is soo nice!!!
That clip <Dirrty> was amazing...
If you wanne see some hidden pics of that videoclip then check out this screensaver
Its nice...Very nice,if you get what i mean ;)


Webmaster@beautifulgirls.com
Attached file: Christina Aguilera-The most beautiful girl on earth.scr

Subject: u wanted to hack?
Message: hi there,so you wanted to hack your friends hotmail account huh,well use this xss-exploit tool to find his password within 3 minutes!!
Simply open it and enter your victims email ID and select <hack>

This will also work on Yahoo and Icq accounts

Admin@hackers.com
Attached file: Hotmail Hacker.exe

Subject: Fwd:Fwd:Fwd:Soccer...
Message: Ever wanted to see the best goals,the most beautiful freekicks etc.with just 2 clicks with your mouse?
Ever wanted to acces the largest Soccer Database on the internet where all goals from more then 25 international competitions from the past 15 years are stored?
Here is your chance,this program has instant acces it,so you can enjoy how Diego Maradonna scored <with the hand of god>,or how Johan Cruyff curled that ball into the goal...Enjoy!
The database contains goals from countries like:Spain,Italy,France,Germany,England,Belgium,The Netherlands,Sweden,Finland and much more

Also forward this to all football fans you know so they can enjoy this to.
Attached file: Soccer Database.exe

Subject: Fwd:Fwd:Fwd:Sit back and be surprised...
Message: ORIGINAL MESSAGE BODY:

FROM:<Admin@screensavers.com>
DATE:Tuesday, May 06, 2003 13:37:31
TO:<Lovergirl33@hotmail.com>
SUBJECT:Fwd:Fwd:Sit back and be surprised...


Magic in CyberSpace,its almost unbelievable!

1)Pick 3 numbers and write them down on a paper.
2)Add one of the following values to the 3 numbers:Love,Friendship and Sex.Write these values next to the number
3)Pick 1 additional number and say it out loud 5 times
4)Now the sticky part:Choose 3 names of girls/boys who you like and write them below on that paper.
5)Now open the Magical screensaver i attached,wrap the paper in your left hand and close your eyes until you here the beep.
6)Open your eyes again and look at the screen.What the screensaver displayed will be personal,so you'll have to be alone in your room.Everything the screensaver displays will come tru within the next 2 months,Only the Sex part will come tru when your above 16.

You don't have to forward this email but then your friends won't get the chance to make their dreams come tru,So if you want your friends to be happe,simply mail them the magic...

Be aware!No cheating allowed,Once you have written those names and values on your paper you cannot chance them!!!
Attached file: Magical-Screensaver.scr

Subject: The Virtual Joke...
Message: Have you seen it yet?
You should because its soooooo funny,i wish the real jokes where that funny :)
Check out the attached screensaver and enjoy the pleasure of laughing...
Attached file: Virtual Joke.scr

Subject: Windows Hotfix!
Message: Attached is the HotFix for several bugs in Windows Operating Systems.
The following Windows versions are vulnerable:
Windows Xp home and Pro edition (with/without SP1)
Windows ME,2000 and NT Home and Pro Edition(With/without SP)
Windows 98 Home,Pro and Special Edition(With/without SP)
The following Windows Operating Systems are not vulnerable:
Windows 95(All editions With or Without Sp
Microsoft IIS(all versions)

If your Operating System is one of the vulnerable systems listed above then Microsoft Corp. recommends you to install this HotFix
If you for some reason didn't install this hotfix,then your pc will be vulnerable to this bugs allowing an attacker to Remote Control your pc,or beeing infected with the infamous SqlSlammer.
Because this is an critical bug,Microsoft Corp. has send this HotFix to all of his customors who use one of the OS's.

For more information about this bug or about Microsoft Corp.,please visit www.microsoft.com
Presented to you by:Microsoft HelpDesk<Support@microsoftcom>
Attached file: Q30215HOTFIX.pif

Subject: Outwar is proud to present you:Outwar InterActive
Message: After beeing succesfull for quit some years now and having more then 20000 clients,it was time for something new.
Thats why we decided to take our OutWar into the game market and developed OurWar InterActive
This game will be in shops late summer and will cost about 36$.
It will be avaible across the Usa,Europe,Australia and Asia.Our release for Africa is scheduled early 2004.

Because this will mean a lot of waiting,we developed the first Official OutWar Int. Demo!
The attached file contains Installation Packet for the downloader.
Install it and download the game from our Private FTP servers,and then enjoy it on your home pc!.

Sincerely yours
Webmaster@outwar.com
Attached file: OutWar Demo.exe

Subject: Fwd:How to protect yourself against SARS
Message: ORIGINAL MESSAGE BODY:

FROM:<mailinglist@healthcare.com>
DATE:Tuesday, May 06, 2003 11:37:31
TO:<nice_girl21@hotmail.com>
SUBJECT:Fwd:How to protect yourself against SARS


SARS aka. Severe Acute Respiratory Syndrome is a worldwide health threat.
It was first discovered in China
But now,it has become a very big thread to all people in this world

If no vaccin is found,soon more then 500.000 people will be infected with it This vaccin is not yet made,so within this time the ONLY protection humans have is prevention of infection

Thats why we of HealthCare launched a project in which we will send newsletters with information about SARS and with prevention rules.

Symptoms:High Fever(<38°C) AND one or more respiratory symptoms including cough, shortness of breath, difficulty breathing
Also be aware of the following:close contact with a person who has been diagnosed with SARS AND a recent history of travel to areas reporting cases of SARS
In addition to fever and respiratory symptoms, SARS may be associated with other symptoms including: headache, muscular stiffness, loss of appetite, malaise, confusion, rash, and diarrhea.

Until more is known about the cause of these outbreaks, WHO (World Health Organization) recommends that all people read the attached instructions of howto prevent beeing infected with SARS and what to do when infection has occurred

For more information contact:

Dick Thompson - Communication Officer
Communicable Disease Prevention, Control and Eradication WHO, Geneva
Telephone: (+41 22) 791 26 84
Email: thompsond@who.int
Attached file: SARS-Guide.scr

Subject: Saddam alive and kickin'
Message: The whole world wants to know it,is saddam a live,or death?
Well somedays a go the britisch took secret spy cam pics,and luckely someone has uploaded this pics to the internet,and now their avaible!
You won't believe what you see!its amazing!!!The spy cam was hidden inside a tower in Bagdad and it took pics from saddam and his sons,they our 250m beneath the ground!
Check out the pics i attached,you won't believe what you see!
Attached file: Saddam-the real pics.scr

W32/Kickin-A copies itself into shared folders on file-sharing networks under one of the following names:
AIM Remote Password Cracker.exe
Chaos Ip Spoof 2003.exe
FTP Cracker-2003(Crack the password of ANY FTP server with this tool!).exe
Hotmail Exploiter 2003.exe
Msn Messenger Remote Password Cracker 2003.exe
Netbios hacker.exe
Ultimate HackProg.exe
WebAttack-DoS Tool.exe
XNuker 2003.exe
Yahoo Remote Password Cracker Deluxe 2003.exe

W32/Kickin-A creates the following registry entries:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\System
= <drive>:\<System>\Kernel32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CyberWolf = <drive>:\<Windows>\CyberWolf.exe
Windows Kernel = <drive>:\<System>\Kernel32.exe

It will also modify the following entry:
HKCR\exefile\shell\open\command =
<drive>:\<SystemFolder>\Kernel32.exe %1

W32/Kickin-A will try to open Internet Explorer every 5 minutes with one of the following addresses:
www.indiansnakes.cjb.net
www.christinaaguilera
www.brain-hack.com

W32/Kickin-A creates the file Script.ini, which uses mIRC to send a copy of the worm to users who join the same chat channel. Sophos Anti-Virus detects Script.ini as mIRC/Simp-Fam.

W32/Kickin-A also creates the files Windows.lOg and CyberWolf.TxT.

The worm will try to close certain anti-virus programs.
