Q-C Online support pages
Technical support article

About the KAK Worm Virus



VBS.KakWorm spreads using Microsoft Outlook Express. It attaches itself to all outgoing messages via the Signature feature of Outlook Express and Internet Explorer newsgroup reader. The worm utilizes a known Microsoft Outlook Express security hole so that a viral file is created on the system without having to run any attachment. Microsoft has patched this security hole. The patch is available from Microsoft's website. If you have a patched version of Outlook Express, this worm will not work automatically.

Simply reading the received email message will cause the virus to be placed on the system. Even if you receive an infected message, you cannot be affected unless you have an Internet Explorer based product installed. The worm arrives embedded in an email message as the message HTML signature. The recipient of the message cannot see any visible symptoms as there is no displayable text in the signature. If the user opens or previews the infected email message the worm drops file KAK.HTA into the Windows start-up folder. KAK.HTA runs the next time Windows is started, creates the C:\WINDOWS\KAK.HTM file and changes the Microsoft Outlook Express registry settings so that the KAK.HTM is automatically included in every outgoing message as a signature. The KAK.HTA also changes the Windows registry that it includes the name of the worm file.

Download the Wscript.Kakworm fix

Download the Wscript.Kakworm.B fix

For more information on virus updates and anti-virus software, visit our Virus Information section.


Local events heading








 

(More History)