Kaspersky warns of new Roron network worm – Kaspersky Labs

Kaspersky warns of new Roron network worm – Kaspersky Labs – Brief Article


Data security software developer Kaspersky Labs has spotted a new network worm replicating in the wild.

The Roron worm is thought to have been created in Bulgaria and so far six versions of it have been detected in the USA, Russia and a number of European countries.

Roron spreads via e-mail as an attached file, via a LAN and via the KaZaA file sharing network. Should an affected attachment be opened the worm will create a copy of itself in the Windows system directory and Program Files then place one of these in the system registry so that it activates each time the machine is turned on.

Once it infects a PC, Roron sets up a backdoor which enables a remote user to gain control of the machine and use it to carry out denial of service attacks. A destructive payload is also present which destroys data stored in hard drives if the system date on the PC is the 9th or 19th, the worm’s WINFILE.DLL component is deleted, the worm’s system registry entrants are deleted or randomly, depending on the worm’s internal counter.

((Comments on this story may be sent to info@m2.com))

COPYRIGHT 2002 M2 Communications Ltd.

COPYRIGHT 2003 Gale Group