Weekly Virus Report - Opaserv, Oror and Mylka Worm
Posted on 04.11.2002
Over the last few days, three new malicious codes have been discovered. The first is variant H of the Opaserv worm. Opaserv.H (W32/Opaserv.H) has similar characteristics to its predecessors and its main aim is to infect other computers, especially if they are connected to a network. This malicious code also tries to connect to a website in order to update some of its components.

However, unlike the rest of the Opaserv variants, the file carrying Opaserv.H can vary in size and is compressed with the PCShrink utility, which as well as reducing the size of the virus also encrypts the infection code.

In order to install itself in other computers, Opaserv.H looks for vulnerable computers in the Internet, when it finds them it calls port 139 and spreads by copying itself in the C:\Windows directory under the name MARCO!.SCR.

Another worm detected by the Virus Laboratory over the last few days is Oror.B (W32/Oror.B). This malicious code is considered dangerous, as it could delete the content of all the disk drives in the affected computer. This worm is also capable of spreading rapidly via e-mail, mIRC and Kazaa, the popular file-sharing program.

The third malicious code is Mylka.A (W32/Mylka.A), another destructive worm that is capable of deleting Windows files and files related to applications including some antivirus programs.

Mylka.A uses social engineering techniques to spread via e-mail. The message and the name of the attached file carrying the worm have variable characteristics.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th