Aliases: N/A
Variants: W32.Kiman.A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 08 Feb 2006
Damage: Medium

Characteristics: W32.Kiman.B is a worm with distributed denial-of-service (DDoS) and backdoor capabilities. It propagates by copying itself to network shares that are protected by weak passwords and by exploiting unpatched vulnerabilities on remote computers.

More details about W32.Kiman.B

W32.Kiman.B infects Windows systems and spreads through e-mail as well as the network vectors described below. When executed, it copies itself as hdcontroller.exe into the Windows System folder and adds a registry entry so that the copy is launched at every Windows startup (this entry does not record which key is modified). The worm also has backdoor capabilities: it connects on TCP port 443 to an IRC server at the domain enz.filame.biz, joins an IRC channel and waits for commands from a remote operator. Port 443 is normally reserved for HTTPS, so the connection passes firewalls that allow outbound web traffic; if the IRC session is not wrapped in TLS, plaintext IRC commands on that port are a usable detection signal. To spread, the worm scans for other computers and attempts to exploit the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (MS03-026), the Microsoft Windows Local Security Authority Service (LSASS) Remote Buffer Overflow (MS04-011), and the weakness described in the Microsoft SQL Server 2000 or MSDE 2000 audit. In addition, it copies itself to network shares protected by weak passwords.
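The indicators in this entry (the dropped file name, the IRC server host and the port) can be turned into a small triage check. The following is an added example, not part of the original entry and not a vendor signature or removal tool. It runs over constructed sample data that stands in for an Autoruns-style registry export and the first bytes of captured outbound connections; the value name "HD Controller", the file paths and the hosts other than enz.filame.biz are assumptions made for the sample. The TLS-handshake check generalises beyond this worm: any connection to port 443 that does not start with a TLS handshake but carries IRC registration commands deserves a look, whatever the destination host.

```python
"""Triage helpers for the W32.Kiman.B indicators listed in the entry above.

Added example: the sample data below is constructed for illustration
and was not taken from an infected host or from any vendor signature.
"""
import re

# Indicators taken from the entry.
DROPPED_FILE = "hdcontroller.exe"   # dropped into the Windows System folder
IRC_HOST = "enz.filame.biz"         # IRC server the backdoor connects to
IRC_PORT = 443                      # port chosen to blend in with HTTPS

# Client-side IRC commands that are visible in plaintext when the IRC
# session is not wrapped in TLS.
IRC_VERB = re.compile(rb"^(NICK|USER|PASS|JOIN|PRIVMSG|PONG) ", re.MULTILINE)


def autorun_hits(entries):
    """entries: (registry_key, value_name, command) tuples, e.g. from an
    Autoruns-style export. Returns every entry whose command launches the
    dropped file, whichever autostart key it lives under."""
    return [(key, name, cmd) for key, name, cmd in entries
            if DROPPED_FILE in cmd.lower()]


def looks_like_tls(first_bytes):
    """A TLS session opens with a Handshake record: content type 0x16
    followed by the protocol version major byte 0x03."""
    return (len(first_bytes) >= 2
            and first_bytes[0] == 0x16 and first_bytes[1] == 0x03)


def classify_connection(remote_host, remote_port, first_bytes):
    """Label one outbound connection: exact IOC match first, then the
    generic heuristic 'IRC commands on 443 without a TLS handshake'."""
    if remote_host.lower() == IRC_HOST:
        return "known C2 host"
    if (remote_port == IRC_PORT and not looks_like_tls(first_bytes)
            and IRC_VERB.search(first_bytes)):
        return "plaintext IRC on 443"
    return "no indicator"


# Constructed sample data (not from a real system).
SAMPLE_AUTORUNS = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "ctfmon.exe",
     r"C:\WINDOWS\system32\ctfmon.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "HD Controller",
     r"C:\WINDOWS\system32\hdcontroller.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", "Setup",
     r"C:\WINDOWS\system32\hdcontroller.exe /install"),
]
SAMPLE_CONNECTIONS = [
    # start of a TLS ClientHello: legitimate HTTPS
    ("www.example.com", 443, bytes.fromhex("16030100a8010000a4")),
    # IRC registration in the clear on 443: the heuristic catches this
    ("203.0.113.7", 443, b"NICK xk3b9\r\nUSER xk3b9 0 * :xk3b9\r\nJOIN #k\r\n"),
    # exact host indicator, flagged before any payload is seen
    ("enz.filame.biz", 443, b""),
]


def triage(autoruns=SAMPLE_AUTORUNS, connections=SAMPLE_CONNECTIONS):
    """Run both checks and return the findings as a dict."""
    return {
        "autorun_hits": autorun_hits(autoruns),
        "connections": {host: classify_connection(host, port, data)
                        for host, port, data in connections},
    }


if __name__ == "__main__":
    for key, name, cmd in autorun_hits(SAMPLE_AUTORUNS):
        print(f"autorun: {key}\\{name} -> {cmd}")
    for host, port, data in SAMPLE_CONNECTIONS:
        print(f"{host}:{port} -> {classify_connection(host, port, data)}")
```

On a live host the tuples would come from an Autoruns CSV export and from a packet capture or proxy log; the functions take plain Python values so they can be fed from either without change. The host match is case-insensitive because DNS names are, and it is checked before the payload heuristic so an empty or TLS-wrapped session to the known server is still flagged.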

W32.Kiman.B degrades both the performance and the stability of the infected computer: users may experience a slow Internet connection, data corruption, frozen or terminated applications, and system crashes. Web-forum participants who encountered the worm report that their machines were used to send unsolicited e-mail and to harvest confidential information, and that the large volume of requests the worm generates slowed their computers further.