Weekly Virus Report – Opaserv, Oror and Mylka Worm
Over the last few days, three new pieces of malicious code have been discovered. The first is variant H of the Opaserv worm. Opaserv.H (W32/Opaserv.H) has similar characteristics to its predecessors, and its main aim is to infect other computers, especially if they are connected to a network. This malicious code also tries to connect to a website in order to update some of its components.
However, unlike the rest of the Opaserv variants, the file carrying Opaserv.H can vary in size and is compressed with the PCShrink utility, which, as well as reducing the size of the virus, also encrypts the infection code.
In order to install itself on other computers, Opaserv.H looks for vulnerable computers on the Internet. When it finds them, it connects to port 139 and spreads by copying itself to the C:\Windows directory under the name MARCO!.SCR.
Another worm detected by the Virus Laboratory over the last few days is Oror.B (W32/Oror.B). This malicious code is considered dangerous, as it could delete the content of all the disk drives on the affected computer. This worm is also capable of spreading rapidly via e-mail, mIRC and Kazaa, the popular file-sharing program.
The third malicious code is Mylka.A (W32/Mylka.A), another destructive worm that is capable of deleting Windows files and files related to applications, including some antivirus programs.
Mylka.A uses social engineering techniques to spread via e-mail. The message and the name of the attached file carrying the worm have variable characteristics.