Panda Software Reports the Appearance of Opaserv.Y Worm

PandaLabs has detected the appearance of the new Y variant of the Opaserv worm. According to data gathered by Panda Software’s international technical support services, this malicious code is already causing incidents.

Opaserv.Y spreads directly through the Internet by looking for computers to infect. To do this, it checks whether port 137 is open and unprotected. If it is, Opaserv.Y gets into the computer through port 139 and copies itself to the C:\Windows directory under the name Speedy.scr.
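The probe on port 137 followed by a connection on port 139 leaves a pattern that can be searched for in perimeter firewall logs. The following is an added example, not part of the original report or of any Panda Software tool; the key=value log format, the sample lines and the 60-second correlation window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed firewall log lines in a hypothetical key=value format (not from the report).
SAMPLE_LOG = """\
2003-01-10T12:00:01 SRC=203.0.113.5 DST=192.168.1.10 PROTO=UDP DPT=137 ACTION=ALLOW
2003-01-10T12:00:03 SRC=203.0.113.5 DST=192.168.1.10 PROTO=TCP DPT=139 ACTION=ALLOW
2003-01-10T12:01:00 SRC=198.51.100.7 DST=192.168.1.11 PROTO=UDP DPT=137 ACTION=ALLOW
2003-01-10T12:30:00 SRC=198.51.100.7 DST=192.168.1.11 PROTO=TCP DPT=139 ACTION=ALLOW
2003-01-10T12:02:00 SRC=192.0.2.9 DST=192.168.1.12 PROTO=UDP DPT=137 ACTION=DROP
2003-01-10T12:02:02 SRC=192.0.2.9 DST=192.168.1.12 PROTO=TCP DPT=139 ACTION=DROP
2003-01-10T12:05:00 SRC=203.0.113.5 DST=192.168.1.20 PROTO=TCP DPT=139 ACTION=ALLOW
"""

WINDOW = timedelta(seconds=60)  # assumed correlation window


def parse_line(line):
    """Return (timestamp, fields) for one log line, or None if it is malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        fields["DPT"] = int(fields["DPT"])
    except (ValueError, KeyError):
        return None
    return ts, fields


def find_probe_then_connect(log_text, window=WINDOW):
    """Flag (src, dst, time) where an allowed port-137 probe is followed by an
    allowed port-139 connection from the same source within the window."""
    last_probe = {}  # (src, dst) -> time of the most recent allowed 137 probe
    hits = []
    events = filter(None, map(parse_line, log_text.splitlines()))
    for ts, f in sorted(events, key=lambda e: e[0]):  # logs may arrive out of order
        if f.get("ACTION") != "ALLOW":
            continue  # blocked traffic never reached the host
        key = (f.get("SRC"), f.get("DST"))
        if f["DPT"] == 137:
            last_probe[key] = ts
        elif f["DPT"] == 139 and key in last_probe and ts - last_probe[key] <= window:
            hits.append((key[0], key[1], ts.isoformat()))
    return hits
```

A hit identifies a host worth checking for C:\Windows\Speedy.scr and for unexpected startup entries in the Registry.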

At the same time, it generates several entries in the Windows Registry to ensure that it is run whenever the computer is started up. If the infected computer is connected to a network, Opaserv.Y will exploit the Windows vulnerability known as Share Level Password (based on an inconsistency in the protection of network shares in the Windows Me/98/95 operating systems) in order to spread to the rest of the computers in the network.

So far, PandaLabs has detected two versions of Opaserv.Y. The difference between the two is the compression utility they are packed with. Another characteristic of this malicious code is that if the user runs the file carrying the worm from an MS-DOS window, instead of the message “This program requires MS Windows”, one of the following three messages is displayed:

– Telefonica ganhe menos e faca mais!!
– Queremos melhores servicos da SPEEDY
– Melhorem o servico Speed seus FDPS!!

Due to the incidents detected and to avoid falling victim to Opaserv.Y, Panda Software advises users to treat all e-mails received with caution and to update their antivirus solutions immediately. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Opaserv.Y. Those whose software is not configured to update automatically should update their solutions from .

Detailed information about Opaserv.Y is available from Panda Software’s Virus Encyclopedia.
