This worm tries to propagate through MSN and Kazaa. It also launches a DDoS attack to pre-configured sites. The worm was programmed in Visual Basic.
Disinfection & Removal
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
It writes the following text to a file with random name and '.txt' extension.
W32.Supernova - Ban religion --------------------------------------------------- Religion = War Religion = Based on fairytales Wars based on fairytales? Ban religion, welcome to the truth ---------------------------------------------------
The worm deletes files from the user's computers, displaying the following messages:
0wned by the blasting star Religion=war Patch the leaks... Or the ship will sink....
It copies itself to the Windows directory under the following names:
Alles-ist-vorbei.exe Desktop-shooting.exe Hello-Kitty.exe BigMac.exe Cheese-Burger.exe Blaargh.exe
And then sets the Registry key "Supernova" under:
to point to any of the files.
It runs the following commands, in an attempt to direct a DDoS attack against those hosts.
ping www.islamicity.com -t ping www.christianity.com -t ping www.beliefnet.com -t
These commands won't generate enough traffic to be DDoS attack unless a high number of hosts (on the range of thousands) become infected by this worm.
When trying to spread through MSN it will present the users with the following massages:
Hehe, check this out :-) Funny, check it out (h) LOL!! See this :D LOL!! Check this out :) Hehe, this is fun :-)
It will copy itself into the Kazaa shared folder using the following names:
Windows XP key generator.exe Windows XP serial generator.exe Key generator for all windows XP versions.exe Warcraft 3 ONLINE key generator.exe Half-life ONLINE key generator.exe Quake 4 BETA.exe Grand theft auto 3 CD1 crack.exe GTA3 crack.exe Battle.net key generator (WORKS!!).exe Warcraft 3 battle.net serial generator.exe Half-life WON key generator.exe Star wars episode 2 downloader.exe Winzip 8.0 + serial.exe Winrar + crack.exe Britney spears nude.exe Macromedia MX key generator (all products).exe KaZaA media desktop v2.0 UNOFFICIAL.exe Microsoft key generator, works for ALL microsoft products!!.exe Microsoft Windows XP crack pack.exe Hack into any computer!!.exe DivX codec v6.0.exe DivX newest version.exe DivX.exe DivX pro key generator.exe Key generator for over 1,000 applications (really!).exe DivX patch - Increases quality.exe KaZaA spyware remover.exe Age of empires 2 crack.exe Norton antivirus 2002.exe Macromedia Dreamweaver MX Key Generator.exe Macromedia Flash MX Key Generator.exe Neverwinter nights crack.exe Microsoft Office XP (english) key generator.exe Microsoft Office XP.iso.exe CloneCD + crack.exe CloneCD all-versions key generator.exe XBOX emulator (WORKS!!).exe Gamecube Emulator (WORKS!!).exe Xbox.info.exe Grand Prix 4 crack.exe Nokia simlock remover (includes new models).exe Britney spears hard porn (REAL!).exe Christina Aguilera fuck (REAL!).exe Kiddy child incest porn.exe Doom 3 preview!!.exe Crazy taxi crack.exe Copy protection remover.exe Sex.exe AAAAAAAAAA.exe Jedi Knight 2 crack.exe Warcraft 3 trainer.exe Cable modem uncapper.exe Grand theft auto 3 trainer.exe GTA3 trainer.exe
Technical Details: Ero Carrera; F-Secure Corp; February 21st, 2003