Weekly Virus Report – Opaserv Worm Variants

According to data gathered by Panda ActiveScan, this week’s virus activity has centered on variants “E”, “F” and “G” of Opaserv.

This week, 16.79 percent of total virus infections detected by Panda Software’s free, online scanner have been caused by either Opaserv, Opaserv.E or Opaserv.F, as compared to 12.68 percent of infections caused by Klez.I. According to Luis Corrons, director of Panda Software’s Virus Research Laboratory, “This is very significant, as Klez.I has been the most frequently detected virus by Panda ActiveScan since April. Now, however, its place at the top of the ranking seems to be jeopardy.”

Opaserv and its variants enter computers via the Internet, using communication ports 137 and 139, which are normally open by default. If the infected computer shares files or resources with other computers, this malicious code will spread to these by exploiting a vulnerability in Windows 9x and Me known as “Share Level Password”. This enables any variant of Opaserv to spread quickly to all computers in a network.

On the subject of Opaserv and its variants, Luis Corrons adds, “These worms are favoring the reappearance of other, older, malicious codes such as W95/CIH or W32/Funlove. “This is due”, he explains, “to the fact that Opaserv copies itself to computers it affects. If these computers are infected with a virus, Opaserv will also become infected and spread infection wherever it goes.” For this reason it is advisable that users install an efficient antivirus that can eliminate every known malicious code. Antiviruses must also be periodically updated in order to protect computers against any new virus threats.

We will finish today’s weekly summary with “Friend Greeting Application”, a program Panda Software has received queries about from clients. This is an application that sends out greetings to every contact in the address book of the user that has downloaded it from a web address. Even though this is a harmless program, its usage in corporate environments could generate message traffic that could collapse servers. To prevent this, Panda Software recommends using filtering tools to block e-mails with the subject “you have an E-Card from”.

Don't miss