Supova

Threat description

Details

Category: Malware
Type: Worm

Summary

This worm tries to propagate through MSN and Kazaa. It also launches a DDoS attack against pre-configured sites. The worm was programmed in Visual Basic.

Removal

Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

It writes the following text to a file with a random name and a '.txt' extension:

W32.Supernova - Ban religion
---------------------------------------------------
Religion = War
Religion = Based on fairytales
Wars based on fairytales?
Ban religion, welcome to the truth
---------------------------------------------------

The worm deletes files from the user's computer, displaying the following messages:

0wned by the blasting star
Religion=war
Patch the leaks... Or the ship will sink....

It copies itself to the Windows directory under the following names:

Alles-ist-vorbei.exe
Desktop-shooting.exe
Hello-Kitty.exe
BigMac.exe
Cheese-Burger.exe
Blaargh.exe

It then sets the Registry value "Supernova" under:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

to point to any of the files.
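A check for the persistence entry described above, as an added example (not F-Secure's code). It assumes the input is the text printed by `reg query` for the Run key; the function names are hypothetical and the sample output is constructed. It also flags a Run entry with a different value name that points to one of the dropped file names, which goes beyond what the description states.

```python
import ntpath
import re

# Indicators from the write-up above.
RUN_VALUE_NAME = "supernova"
DROPPED_NAMES = {n.lower() for n in (
    "Alles-ist-vorbei.exe", "Desktop-shooting.exe", "Hello-Kitty.exe",
    "BigMac.exe", "Cheese-Burger.exe", "Blaargh.exe")}
# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")


def image_name(command):
    """Return the lower-cased executable file name from a Run command line."""
    # Quoted path, or unquoted path cut after the first ".exe" to drop arguments.
    m = re.match(r'\s*(?:"([^"]+)"|(.+?\.exe)\b)', command, re.IGNORECASE)
    path = (m.group(1) or m.group(2)) if m else command
    return ntpath.basename(path.strip()).lower()


def scan_run_key(reg_output):
    """Return (value_name, data, reasons) for each Run entry matching an indicator."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        reasons = []
        if m["name"].strip().lower() == RUN_VALUE_NAME:
            reasons.append("value-name")
        if image_name(m["data"]) in DROPPED_NAMES:
            reasons.append("dropped-file-name")
        if reasons:
            hits.append((m["name"], m["data"], reasons))
    return hits


# Constructed sample output, not captured from an infected host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Supernova    REG_SZ    C:\WINDOWS\Hello-Kitty.exe
    Updater    REG_SZ    "C:\WINDOWS\BigMac.exe" /silent
"""

if __name__ == "__main__":
    for name, data, reasons in scan_run_key(SAMPLE):
        print(f"{name}: {data} ({', '.join(reasons)})")
```

A file-name match alone is weak evidence, so treat a "dropped-file-name" hit without the "value-name" hit as a lead to verify rather than a confirmed infection.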

It runs the following commands, in an attempt to direct a DDoS attack against those hosts.

ping www.islamicity.com -t
ping www.christianity.com -t
ping www.beliefnet.com -t

These commands won't generate enough traffic to be a DDoS attack unless a high number of hosts (in the range of thousands) become infected by this worm.

When trying to spread through MSN, it will present users with the following messages:

Hehe, check this out :-)
Funny, check it out (h)
LOL!! See this :D
LOL!! Check this out :)
Hehe, this is fun :-)

It will copy itself into the Kazaa shared folder using the following names:

Windows XP key generator.exe
Windows XP serial generator.exe
Key generator for all windows XP versions.exe
Warcraft 3 ONLINE key generator.exe
Half-life ONLINE key generator.exe
Quake 4 BETA.exe
Grand theft auto 3 CD1 crack.exe
GTA3 crack.exe
Battle.net key generator (WORKS!!).exe
Warcraft 3 battle.net serial generator.exe
Half-life WON key generator.exe
Star wars episode 2 downloader.exe
Winzip 8.0 + serial.exe
Winrar + crack.exe
Britney spears nude.exe
Macromedia MX key generator (all products).exe
KaZaA media desktop v2.0 UNOFFICIAL.exe
Microsoft key generator, works for ALL microsoft products!!.exe
Microsoft Windows XP crack pack.exe
Hack into any computer!!.exe
DivX codec v6.0.exe
DivX newest version.exe
DivX.exe
DivX pro key generator.exe
Key generator for over 1,000 applications (really!).exe
DivX patch - Increases quality.exe
KaZaA spyware remover.exe
Age of empires 2 crack.exe
Norton antivirus 2002.exe
Macromedia Dreamweaver MX Key Generator.exe
Macromedia Flash MX Key Generator.exe
Neverwinter nights crack.exe
Microsoft Office XP (english) key generator.exe
Microsoft Office XP.iso.exe
CloneCD + crack.exe
CloneCD all-versions key generator.exe
XBOX emulator (WORKS!!).exe
Gamecube Emulator (WORKS!!).exe
Xbox.info.exe
Grand Prix 4 crack.exe
Nokia simlock remover (includes new models).exe
Britney spears hard porn (REAL!).exe
Christina Aguilera fuck (REAL!).exe
Kiddy child incest porn.exe
Doom 3 preview!!.exe
Crazy taxi crack.exe
Copy protection remover.exe
Sex.exe
AAAAAAAAAA.exe
Jedi Knight 2 crack.exe
Warcraft 3 trainer.exe
Cable modem uncapper.exe
Grand theft auto 3 trainer.exe
GTA3 trainer.exe
