Security Incidents mailing list archives
RE: Increased Kuang2 activity
From: davec () skooter net
Date: Mon, 10 Feb 2003 12:13:00 -0500
From http://www.iss.net/security_center/static/4074.php
backdoor-kuang2v (4074)
High Risk

Kuang2 Virus installs remote control functionality on infected systems

Description:
Kuang2 Virus is a backdoor program designed to run on Windows 95 and 98 systems that infects files much like a virus. Once the virus has been executed on a system, it allows remote control of the system over TCP port 17300 and systematically infects all PE (Portable Executable) .exe files on the system. Remote attackers are able to download and upload files as well as install plugins that expand on the backdoor's basic functions.

Platforms Affected:
Windows 95
Windows 98

Remedy:
The client program includes an antivirus function to clean an infected computer. To clean the local system, leave the IP address field in the program blank. The antivirus cleaning process copies the infected version of EXPLORER.EXE to EXPLORER.WK2, and removes the virus. The program places the cleaned version of the file back to EXPLORER.EXE, when you shut down and restart your computer. The antivirus process also scans the hard drive, looking for any other infected files. The readme file included in the distribution of the backdoor recommends running the antivirus scan twice to ensure that the backdoor is removed.

Consequences:
Gain Access

References:
McAfee Virus Profile, "W95/Kuang2.cli" at http://vil.mcafee.com/dispVirus.asp?virus_k=10213&
TL Security Trojan Archive, "Kuang 2 The Virus" at http://www.multimania.com/ilikeit/kuang2v.htm

Standards associated with this entry:

Reported:
Date not applicable.

"Logan F.D. Greenlee" <lgreenlee () ciretose net> wrote ..

Does anyone have any information on what the kuang2 trojan does, and what systems are vulnerable? My brief googling has only returned links to the Trojan itself.

Thanks,
Logan
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
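The advisory quoted in the message above ties the backdoor to TCP port 17300, so perimeter logs can separate outside probes of that port from internal hosts that actually answer on it. The following Python is an added example, not part of the original post or the ISS entry; the simplified iptables-LOG-style line format, the function name `triage` and every address in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

KUANG2_PORT = 17300  # TCP port named in the advisory quoted above

# Constructed sample lines in a simplified iptables-LOG style (assumed format).
SAMPLE_LOG = """\
Feb 10 11:02:01 fw IN=eth0 SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP SPT=4312 DPT=17300 SYN
Feb 10 11:02:01 fw IN=eth0 SRC=192.0.2.10 DST=10.0.0.6 PROTO=TCP SPT=4313 DPT=17300 SYN
Feb 10 11:02:02 fw IN=eth0 SRC=192.0.2.10 DST=10.0.0.7 PROTO=TCP SPT=4314 DPT=17300 SYN
Feb 10 11:02:02 fw IN=eth1 SRC=10.0.0.7 DST=192.0.2.10 PROTO=TCP SPT=17300 DPT=4314 ACK SYN
Feb 10 11:05:40 fw IN=eth0 SRC=198.51.100.23 DST=10.0.0.5 PROTO=TCP SPT=1029 DPT=17300 SYN
Feb 10 11:06:12 fw IN=eth0 SRC=203.0.113.8 DST=10.0.0.5 PROTO=TCP SPT=3301 DPT=80 SYN
Feb 10 11:07:00 fw IN=eth0 SRC=198.51.100.23 DST=10.0.0.5 PROTO=UDP SPT=1029 DPT=17300
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)(?P<flags>(?: [A-Z]+)*)"
)

def triage(log_text, port=KUANG2_PORT):
    """Return (probes, responders).
    probes: source -> set of destinations it sent a bare SYN to on `port`.
    responders: hosts that answered from `port` with SYN+ACK (listener present).
    """
    probes = defaultdict(set)
    responders = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "TCP":
            continue  # the advisory names TCP only; skip UDP and unparsed lines
        flags = set(m["flags"].split())
        if int(m["dpt"]) == port and flags == {"SYN"}:
            probes[m["src"]].add(m["dst"])
        elif int(m["spt"]) == port and flags == {"SYN", "ACK"}:
            responders.add(m["src"])  # SYN+ACK from the port: something listens
    return dict(probes), responders

if __name__ == "__main__":
    probes, responders = triage(SAMPLE_LOG)
    for src, dsts in sorted(probes.items()):
        print(f"probe source {src}: {len(dsts)} target(s)")
    for host in sorted(responders):
        print(f"answered on TCP/{KUANG2_PORT}, inspect host: {host}")
```

A SYN+ACK sourced from port 17300 is what separates a listening host from one that merely picked 17300 as an ephemeral client port, which would send a bare SYN instead.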