Threat Description



Aliases:Supova, Worm.P2P.Surnova.e


This worm tries to propagate through MSN and Kazaa. It also launches a DDoS attack to pre-configured sites. The worm was programmed in Visual Basic.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.


You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.

Technical Details

It writes the following text to a file with random name and '.txt' extension.

W32.Supernova - Ban religion
 Religion = War
 Religion = Based on fairytales
 Wars based on fairytales?
 Ban religion, welcome to the truth

The worm deletes files from the user's computers, displaying the following messages:

0wned by the blasting star
 Patch the leaks... Or the ship will sink....

It copies itself to the Windows directory under the following names:


And then sets the Registry key "Supernova" under:


to point to any of the files.

It runs the following commands, in an attempt to direct a DDoS attack against those hosts.

ping -t
 ping -t
 ping -t

These commands won't generate enough traffic to be DDoS attack unless a high number of hosts (on the range of thousands) become infected by this worm.

When trying to spread through MSN it will present the users with the following massages:

Hehe, check this out :-)
 Funny, check it out (h)
 LOL!! See this :D
 LOL!! Check this out :)
 Hehe, this is fun :-)

It will copy itself into the Kazaa shared folder using the following names:

Windows XP key generator.exe
 Windows XP serial generator.exe
 Key generator for all windows XP versions.exe
 Warcraft 3 ONLINE key generator.exe
 Half-life ONLINE key generator.exe
 Quake 4 BETA.exe
 Grand theft auto 3 CD1 crack.exe
 GTA3 crack.exe key generator (WORKS!!).exe
 Warcraft 3 serial generator.exe
 Half-life WON key generator.exe
 Star wars episode 2 downloader.exe
 Winzip 8.0 + serial.exe
 Winrar + crack.exe
 Britney spears nude.exe
 Macromedia MX key generator (all products).exe
 KaZaA media desktop v2.0 UNOFFICIAL.exe
 Microsoft key generator, works for ALL microsoft products!!.exe
 Microsoft Windows XP crack pack.exe
 Hack into any computer!!.exe
 DivX codec v6.0.exe
 DivX newest version.exe
 DivX pro key generator.exe
 Key generator for over 1,000 applications (really!).exe
 DivX patch - Increases quality.exe
 KaZaA spyware remover.exe
 Age of empires 2 crack.exe
 Norton antivirus 2002.exe
 Macromedia Dreamweaver MX Key Generator.exe
 Macromedia Flash MX Key Generator.exe
 Neverwinter nights crack.exe
 Microsoft Office XP (english) key generator.exe
 Microsoft Office XP.iso.exe
 CloneCD + crack.exe
 CloneCD all-versions key generator.exe
 XBOX emulator (WORKS!!).exe
 Gamecube Emulator (WORKS!!).exe
 Grand Prix 4 crack.exe
 Nokia simlock remover (includes new models).exe
 Britney spears hard porn (REAL!).exe
 Christina Aguilera fuck (REAL!).exe
 Kiddy child incest porn.exe
 Doom 3 preview!!.exe
 Crazy taxi crack.exe
 Copy protection remover.exe
 Jedi Knight 2 crack.exe
 Warcraft 3 trainer.exe
 Cable modem uncapper.exe
 Grand theft auto 3 trainer.exe
 GTA3 trainer.exe

Technical Details: Ero Carrera; F-Secure Corp; February 21st, 2003


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Disinfect your PC

F-Secure Anti-Virus will disinfect your PC and remove all harmful files

Learn More