Aliases: W32.Supova.Worm
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 18 Jul 2002
Damage: Medium

Characteristics: W32.Supova.B is a worm that comes disguised as a well-known software file. It propagates through the KaZaA file-sharing network by deceiving KaZaA users into downloading and running the program.

More details about W32.Supova.B.worm

The worm copies itself into the Windows folder under a name chosen at random from Blaargh, Alles-ist-vorbei, Cheese-Burger, Desktop-shooting, Bigmac, and Hello-Kitty, with an .exe extension. It also creates a text file in the Windows folder whose name consists of 12 random digits and a .txt extension. The worm sets itself up to run whenever Windows loads by adding values to the registry.

To remove the value that the worm added, go to Start and click Run. The Run dialog box will appear. Type regedit and click OK. The Registry Editor will open. Navigate to the key and delete the ‘Supernova’ value. Click Registry, then Exit.
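A check for the file artifacts described above, as an added example that is not part of the original entry. The function names and the sample listing are constructed for illustration, and case-insensitive matching is an assumption based on Windows file-name handling.

```python
import re
from pathlib import Path

# File names the entry lists for the worm's copies (each with an .exe extension).
WORM_EXE_NAMES = {
    "blaargh", "alles-ist-vorbei", "cheese-burger",
    "desktop-shooting", "bigmac", "hello-kitty",
}
# The entry describes a text file named with 12 random digits plus .txt.
TWELVE_DIGIT_TXT = re.compile(r"[0-9]{12}\.txt", re.IGNORECASE)


def classify(filename):
    """Return 'worm-copy', 'marker-txt' or None for one bare file name."""
    stem, dot, ext = filename.lower().rpartition(".")
    if dot and ext == "exe" and stem in WORM_EXE_NAMES:
        return "worm-copy"
    if TWELVE_DIGIT_TXT.fullmatch(filename):
        return "marker-txt"
    return None


def scan_names(filenames):
    """Map each suspicious name in an iterable of file names to its finding."""
    findings = {}
    for name in filenames:
        kind = classify(name)
        if kind:
            findings[name] = kind
    return findings


def scan_directory(path):
    """Scan only the top level of a directory (assumed: the Windows folder)."""
    return scan_names(p.name for p in Path(path).iterdir() if p.is_file())


# Constructed sample listing, not taken from a real infected system.
SAMPLE_LISTING = [
    "notepad.exe", "Bigmac.exe", "hello-kitty.EXE", "bigmac.txt",
    "483920175566.txt", "12345678901.txt", "1234567890123.txt", "win.ini",
]

if __name__ == "__main__":
    for name, kind in scan_names(SAMPLE_LISTING).items():
        print(f"{kind:10} {name}")
```

A 12-digit .txt name on its own is a weak indicator; it carries more weight when one of the listed .exe names is present in the same folder.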

The worm attempts to send messages to the user's MSN Messenger contacts. It also contains code for deleting files. The worm locates the main Windows installation folder and replicates itself to that location. Before it tries to delete the files, it displays the message “Owned by the blasting stars”. It then deletes the files. After deleting them, it displays the message “Patch the leaks… Or the ship will sink…”, followed by a message box containing the message “Religion is war!!”. It then carries out denial-of-service attacks against web sites such as islamicity.com, Christianity.com, and beliefnet.com.