3/29: Krynos-B Worm Drops Copy of Itself
March 29, 2005

Worm_Krynos.B propagates via peer-to-peer applications by dropping a .ZIP copy of itself in a certain folder. It may also spread via email by sending itself as an attachment. It gathers target recipients from files with the following extensions:

  • HTM
  • TXT

    Users must be wary of the email it sends with the following details:

    From:
    security@microsoft.com

    To:
    (recipient email address harvested from affected system)

    Subject: Microsoft Security Update

    Message body:
    "Vulnerability in Windows Explorer Could Allow Remote Code Execution (612827)"

    Affected Software:

  • Impact of Vulnerability: Remote Code Execution
  • Importance: High
  • Maximum Severity Rating: Critical
  • Recommendation: Customers should apply the attached update at the earliest opportunity
  • Summary:
  • Who should read this document: Customers who use Microsoft Windows
  • X-Mailer: Secure Microsoft Client, Build 2.1
  • X-MimeOLE: Produced By Secure Microsoft Client V2.1
  • X-MSMail-Priority: High
  • X-Priority: 1 (Highest)

    Attachment:

  • ARC
  • ARJ
  • GZ
  • LZH
  • TGZ
  • ZIP
  • ZOO

    It avoids sending email to addresses containing any of several strings.

    This worm also has backdoor capabilities, allowing remote users to access and perform malicious tasks on affected machines. It can also prevent affected users from accessing certain antivirus and security Web sites by modifying the HOSTS file.

    Technical details can be found on the Trend Micro page.
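The email traits listed above can be turned into a mail-filter check. The following is an added example, not code from the advisory or from Trend Micro: it parses a raw message and reports which of the listed traits it matches. The function names, the threshold of three matches, and the sample message (including the file name `update.zip`) are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ARCHIVE_EXTS = {"arc", "arj", "gz", "lzh", "tgz", "zip", "zoo"}
SPOOFED_FROM = "security@microsoft.com"
SUBJECT = "microsoft security update"
HEADER_MARKERS = {
    "X-Mailer": "Secure Microsoft Client, Build 2.1",
    "X-MimeOLE": "Produced By Secure Microsoft Client V2.1",
}

def krynos_indicators(raw_message):
    """Return the advisory traits that this RFC 822 message matches."""
    msg = message_from_string(raw_message)
    hits = []
    if parseaddr(msg.get("From", ""))[1].lower() == SPOOFED_FROM:
        hits.append("from")
    if msg.get("Subject", "").strip().lower() == SUBJECT:
        hits.append("subject")
    for name, value in HEADER_MARKERS.items():
        if msg.get(name, "").strip().lower() == value.lower():
            hits.append(name.lower())
    for part in msg.walk():  # every MIME part, including nested ones
        filename = part.get_filename() or ""
        if "." in filename and filename.rsplit(".", 1)[1].lower() in ARCHIVE_EXTS:
            hits.append("archive-attachment")
            break
    return hits

def is_suspect(raw_message, threshold=3):
    # threshold is an assumption of this example, not a value from the advisory
    return len(krynos_indicators(raw_message)) >= threshold

# Constructed sample message; file name and body are placeholders.
SAMPLE = "\n".join([
    "From: security@microsoft.com",
    "Subject: Microsoft Security Update",
    "X-Mailer: Secure Microsoft Client, Build 2.1",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    'Content-Disposition: attachment; filename="update.zip"',
    "",
    "placeholder bytes, not a real payload",
    "--b1--",
])

if __name__ == "__main__":
    print(krynos_indicators(SAMPLE), is_suspect(SAMPLE))
```

Requiring several traits together keeps ordinary mail with a `.zip` attachment, or a genuine vendor notice, from being flagged on one match alone.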

