"Opasoft" Causes The Second Virus Epidemic This Week

01 Oct 2002
Virus News


Kaspersky Lab, an international data-security software developer, announces the emergence of the second virus epidemic this week. This time it is Opasoft, a multi-component program that combines the characteristics of a network worm and a Trojan program designed to gain unauthorized remote control of infected computers. So far, the Kaspersky Lab round-the-clock technical support service has received confirmed reports of "Opasoft" infections in Russia, France, Germany, the UK and Korea, among other countries, and the number of incidents is increasing.

"Opasoft" spreads through and between local area networks. After penetrating a computer, the worm copies itself to the Windows system directory under the name "SCRSVR.EXE". To launch itself when the operating system restarts, "Opasoft" registers this file in the Windows registry auto-run key and additionally modifies the WIN.INI initialization file.

"Opasoft's" Trojan component is designed to provide unauthorized remote control of infected machines. Specifically, the "Opasoft" worm connects to the www.opasoft.com Web site, where it downloads its updated versions (if there are any), and launches malicious script programs on the infected computer. This Web site has already been closed, so the described Trojan functions are no longer operative.

Presently, three modifications of the Opasoft worm are known. Protection against all three has already been added to the Kaspersky Anti-Virus databases. More detailed information about the Opasoft worm is available in the Kaspersky Virus Encyclopedia.
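For responders checking a machine for the WIN.INI change described above, the following added example (not Kaspersky Lab's code) parses WIN.INI text and reports auto-start entries that point at SCRSVR.EXE. It assumes the modification uses the legacy `load=`/`run=` keys of the `[windows]` section, which the article does not specify; the function names and the sample file are constructed for illustration.

```python
import re

# File name the article gives for the worm's copy in the Windows system directory.
WORM_FILE = "scrsvr.exe"
# Assumption: the WIN.INI change uses the legacy load=/run= keys in [windows].
AUTOSTART_KEYS = {"load", "run"}


def winini_autostart(text):
    """Yield (key, program) for each load=/run= program in the [windows] section."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in AUTOSTART_KEYS:
            # Several programs may be listed, separated by spaces or commas.
            for prog in re.split(r"[,\s]+", value.strip()):
                if prog:
                    yield key, prog


def find_opasoft_entries(text):
    """Return auto-start entries whose file name is SCRSVR.EXE (case-insensitive)."""
    hits = []
    for key, prog in winini_autostart(text):
        name = re.split(r"[\\/]", prog.strip('"'))[-1].lower()
        if name == WORM_FILE:
            hits.append((key, prog))
    return hits


# Constructed sample input, not captured from an infected machine.
SAMPLE_WIN_INI = """\
[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\scrsvr.exe
[Desktop]
run=scrsvr.exe
"""

if __name__ == "__main__":
    for key, prog in find_opasoft_entries(SAMPLE_WIN_INI):
        print(f"suspicious WIN.INI entry: {key}={prog}")
```

A hit only shows that the auto-start entry is present; the registry auto-run key and the system directory still need to be checked separately.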