This worm tries to propagate through MSN and Kazaa. It also launches a DDoS attack to pre-configured sites. The worm was programmed in Visual Basic.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
It writes the following text to a file with random name and '.txt' extension.
W32.Supernova - Ban religion --------------------------------------------------- Religion = War Religion = Based on fairytales Wars based on fairytales? Ban religion, welcome to the truth ---------------------------------------------------
The worm deletes files from the user's computers, displaying the following messages:
0wned by the blasting star Religion=war Patch the leaks... Or the ship will sink....
It copies itself to the Windows directory under the following names:
Alles-ist-vorbei.exe Desktop-shooting.exe Hello-Kitty.exe BigMac.exe Cheese-Burger.exe Blaargh.exe
And then sets the Registry key "Supernova" under:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
to point to any of the files.
It runs the following commands, in an attempt to direct a DDoS attack against those hosts.
ping www.islamicity.com -t ping www.christianity.com -t ping www.beliefnet.com -t
These commands won't generate enough traffic to be DDoS attack unless a high number of hosts (on the range of thousands) become infected by this worm.
When trying to spread through MSN it will present the users with the following massages:
Hehe, check this out :-) Funny, check it out (h) LOL!! See this :D LOL!! Check this out :) Hehe, this is fun :-)
It will copy itself into the Kazaa shared folder using the following names:
Windows XP key generator.exe Windows XP serial generator.exe Key generator for all windows XP versions.exe Warcraft 3 ONLINE key generator.exe Half-life ONLINE key generator.exe Quake 4 BETA.exe Grand theft auto 3 CD1 crack.exe GTA3 crack.exe Battle.net key generator (WORKS!!).exe Warcraft 3 battle.net serial generator.exe Half-life WON key generator.exe Star wars episode 2 downloader.exe Winzip 8.0 + serial.exe Winrar + crack.exe Britney spears nude.exe Macromedia MX key generator (all products).exe KaZaA media desktop v2.0 UNOFFICIAL.exe Microsoft key generator, works for ALL microsoft products!!.exe Microsoft Windows XP crack pack.exe Hack into any computer!!.exe DivX codec v6.0.exe DivX newest version.exe DivX.exe DivX pro key generator.exe Key generator for over 1,000 applications (really!).exe DivX patch - Increases quality.exe KaZaA spyware remover.exe Age of empires 2 crack.exe Norton antivirus 2002.exe Macromedia Dreamweaver MX Key Generator.exe Macromedia Flash MX Key Generator.exe Neverwinter nights crack.exe Microsoft Office XP (english) key generator.exe Microsoft Office XP.iso.exe CloneCD + crack.exe CloneCD all-versions key generator.exe XBOX emulator (WORKS!!).exe Gamecube Emulator (WORKS!!).exe Xbox.info.exe Grand Prix 4 crack.exe Nokia simlock remover (includes new models).exe Britney spears hard porn (REAL!).exe Christina Aguilera fuck (REAL!).exe Kiddy child incest porn.exe Doom 3 preview!!.exe Crazy taxi crack.exe Copy protection remover.exe Sex.exe AAAAAAAAAA.exe Jedi Knight 2 crack.exe Warcraft 3 trainer.exe Cable modem uncapper.exe Grand theft auto 3 trainer.exe GTA3 trainer.exe