Opaserv.F and Opaserv.G Worms Detected

Panda Software’s Virus Laboratory has detected the appearance of two new variants of the Opaserv worm. These new variants, Opaserv.F and Opaserv.G., are very similar to their predecessors, including Opaserv.E, about which the international software developer has published information over the last few days. Panda Software’s tech support services have had reports of various incidents caused by these worms and the company anticipates that the number of infections could increase over the next few hours.

According to data compiled from the results of Panda ActiveScan, the free, online antivirus, Opaserv and Opaserv.E are still among the five most frequently detected viruses. With the emergence of the two new variants, the possibility of becoming infected has obviously increased.

Opaserv.F and Opaserv.G spread across the Internet, searching for potentially vulnerable computers. Once these have been pinpointed, these worms enter victim’s machines, creating copies of themselves under the names ALEVIR.EXE (Opaserv.F) and PUTA!!.exe (Opaserv.G). If the infected computer shares files or resources with other computers, the worms will spread to these as well, exploiting a vulnerability in Windows 9x and Me known as Share Level Password. This enables any variant of Opaserv to spread quickly to all computers in a network. The worms also go resident in infected computers and create an entry in the Windows registry to ensure they are run on every system start-up.

Attacks by Opaserv variants normally take place without users having the slightest idea that anything is wrong, as they use ports 137 and 139 -which are normally open- to surreptitiously enter victim’s computers. Tech support services at Panda Software have even detected cases where up to three variants of Opaserv had infected the same computer.