W32.Kittykat


Aliases: PE_KITTYKAT.A, W32.Kittykat, W32/KITTYKAT.A, Win32.Kittykat.A, Worm.Kittykat.A
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 07 May 2006
Damage: Low

Characteristics: W32.Kittykat is a virus that infects Windows systems and spreads by infecting files with a .rar extension. This virus comes as a .rar file. This .rar file contains a start.bat file and many other randomly-named files. Once a computer is infected, the virus displays the message “Eppur si muove! - Defend your opinion!”

More details about W32.Kittykat

The W32.Kittykat virus may arrive as an archive file with a .rar extension. The file also contains a start.bat file. Once the virus is executed, it reconstructs itself as a randomly named file with an .exe extension. It uses a set of batch files to reconstruct itself using various split files. The virus does not have its own RAR archiving engine. This means that it needs WinRAR installed on the target computer to be able to append itself on other RAR archives. Once the virus has been executed completely, it displays the message “Eppur si muove! - Defend your opinion!” to announce its presence. After displaying the message, it then searches for files to infect. The virus does not have an infection marker. Infected files with the extension .rar will be infected repeatedly.

The W32.Kittykat program may be installed in the system by downloader Trojan applications. Their installer files are downloaded in the computer then executed. The Trojan software can also add them to the system registry to make sure they run at system startup. Drive-by-downloads can also spread it. The software may be embedded in affiliated websites. It can be disguised as an ActiveX component. Whenever the page is viewed with an unsecure browser, the program can be executed in the computer.