W32/Kapser.A@mm to delete files

1 February 2006

W32/Kapser@mm is a mass-mailing worm that first appeared on 16 January 2006 and is detected and disinfected by F-Prot Antivirus with virus signature files dated 16 January or newer.

This worm is set to delete files on infected computers on 3 February 2006 and then to repeat the action on the third day of each subsequent month, indefinitely. The worm is programmed to delete files according to the file type, determined by the file name extension. File types to be deleted include Word documents, Excel spreadsheets, PowerPoint slideshows, Adobe PDF files and Adobe Photoshop images. Users of unscanned infected computers who do not have backups of their files run the risk of losing these files permanently.
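To gauge what is at stake before the next trigger date, the following added example (not part of the original advisory or of F-Prot Antivirus) counts the files of the named types under a directory and the days left until the third of the month, so they can be backed up first. The extension set is an assumption based on the usual extensions for the file types listed above; the worm's full list is in the technical description.

```python
import os
from collections import Counter
from datetime import date

# Assumption: common extensions for the file types the advisory names
# (Word, Excel, PowerPoint, PDF, Photoshop). The worm's full list is in
# the vendor's technical description and is not reproduced here.
AT_RISK_EXTENSIONS = {".doc", ".xls", ".ppt", ".pdf", ".psd"}
TRIGGER_DAY = 3  # per the advisory: the third day of each month


def next_trigger(today):
    """Return the next date (today included) on which the payload runs."""
    if today.day <= TRIGGER_DAY:
        return today.replace(day=TRIGGER_DAY)
    # Past the 3rd: roll over to next month, wrapping December to January.
    if today.month == 12:
        return date(today.year + 1, 1, TRIGGER_DAY)
    return date(today.year, today.month + 1, TRIGGER_DAY)


def at_risk_files(root):
    """Yield (path, size) for files under root with an at-risk extension."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            # Lower-case the extension: Windows file names are case-insensitive.
            if os.path.splitext(name)[1].lower() in AT_RISK_EXTENSIONS:
                path = os.path.join(dirpath, name)
                try:
                    yield path, os.path.getsize(path)
                except OSError:
                    continue  # unreadable or vanished file: skip it


def summarize(root, today=None):
    """Days until the next trigger plus per-extension file counts and bytes."""
    today = today or date.today()
    counts, sizes = Counter(), Counter()
    for path, size in at_risk_files(root):
        ext = os.path.splitext(path)[1].lower()
        counts[ext] += 1
        sizes[ext] += size
    return {"days_left": (next_trigger(today) - today).days,
            "counts": dict(counts), "bytes": dict(sizes)}


if __name__ == "__main__":
    import sys
    print(summarize(sys.argv[1] if len(sys.argv) > 1 else "."))
```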

Over the past two years malware has generally moved away from pure vandalism for its own sake and towards financial gain through the abuse of infected computers. Recently, therefore, malware has generally lain low and tried not to attract users' attention so as to be able to continue its abuse. Among other things this abuse entails sending out large quantities of spam (junk e-mail) from infected computers, monitoring browsing habits, and stealing credit card and banking information. W32/Kapser.A@mm differs considerably from the majority of these recent threats in that it seems to be designed for simple vandalism.

W32/Kapser.A@mm spreads in attachments to e-mail messages designed to entice users to open the attachments and thereby execute the worm. On infection, the worm harvests e-mail addresses from the infected computer's hard drive and subsequently uses these to spread itself further.

For more detailed technical information on this worm and for a full list of file extensions marked for deletion please see the technical description in our virusinfo section.

Recommended Reactions

Users are advised to update their virus signature files and make sure they have the latest versions of F-Prot Antivirus installed on their computers.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

Threat Detection

The latest versions of F-Prot Antivirus detect W32/Kapser.A@mm using virus signature files dated 16 January 2006 or later.

Commtouch® is a leading developer of anti virus software and anti spam filtering services. Commtouch's anti virus computer software, F-PROT Antivirus, is available for a number of operating systems such as Windows, Linux, BSD, Solaris, and AIX as well as the Microsoft Exchange groupware.
