RE: Increased Kuang2 activity

From: davecat_private
Date: Mon Feb 10 2003 - 09:13:00 PST

Next message: PAUL_TAYLORat_private: "Re: Suspicious file on Desktop"

Previous message: Jennifer Fountain: "RE: Increased Kuang2 activity"
Maybe in reply to: Jason Dixon: "Increased Kuang2 activity"
Next in thread: Logan F.D. Greenlee: "RE: Increased Kuang2 activity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From http://www.iss.net/security_center/static/4074.php

backdoor-kuang2v (4074)   High Risk  

Kuang2 Virus installs remote control functionality on infected systems

Description: 
Kuang2 Virus is a backdoor program designed to run on Windows 95 and 98 systems that infects files much like a virus. Once the virus has been executed on a system, it allows remote control of the system over TCP port 17300 and systematically infects all PE (Portable Executable) .exe files on the system. Remote attackers are able to download and upload files as well as install plugins that expand on the backdoor's basic functions.

Platforms Affected: 
Windows 95
Windows 98

Remedy: 
The client program includes an antivirus function to clean an infected computer.

To clean the local system, leave the IP address field in the program blank. The antivirus cleaning process copies the infected version of EXPLORER.EXE to EXPLORER.WK2, and removes the virus. The program places the cleaned version of the file back to EXPLORER.EXE, when you shut down and restart your computer. The antivirus process also scans the hard drive, looking for any other infected files. The readme file included in the distribution of the backdoor recommends running the antivirus scan twice to ensure that the backdoor is removed.

Consequences: 
Gain Access 

References: 
McAfee Virus Profile, "W95/Kuang2.cli" at http://vil.mcafee.com/dispVirus.asp?virus_k=10213&

TL Security Trojan Archive, "Kuang 2 The Virus" at http://www.multimania.com/ilikeit/kuang2v.htm

Standards associated with this entry: 

Reported: 
Date not applicable. 



"Logan F.D. Greenlee" <lgreenleeat_private> wrote ..
> Does anyone have any information on what the kuang2 trojan does, and
> what systems are vulnerable? My brief googling has only returned links
> to the Trojan itself.
> 
> Thanks,
> Logan
> 



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: PAUL_TAYLORat_private: "Re: Suspicious file on Desktop"
Previous message: Jennifer Fountain: "RE: Increased Kuang2 activity"
Maybe in reply to: Jason Dixon: "Increased Kuang2 activity"
Next in thread: Logan F.D. Greenlee: "RE: Increased Kuang2 activity"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 12:00:23 PST