HUGHES-L Archives
Archiver > HUGHES > 2000-08 > 0967665273
From: "A. E. Hughes" <>
Subject: [HUGHES-L] Fw: Virus info : KAK]
Date: Wed, 30 Aug 2000 12:54:33 -0700
This is a multi-part message in MIME format.
------=_NextPart_000_0087_01C01281.722E6C20
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
----- Original Message -----
From: "Frances Cullom Harper" <>
To: "A E Hughes" <>
Sent: Wednesday, August 30, 2000 2:56 AM
Subject: [Fwd: Virus info : KAK]
> Amy -
>
> Kak is definitely very widespread. I am a media specialist. This is what I
> posted to our professional listserv a few days ago. You might find it
useful
> if you have friends who are trying to rid themselves of the worm. (I hope
> you notified your contacts so they could check their systems.) You can get
> rid of it faster than 8 hrs with the directions below. Another important
> point - get rid of all old email that might contain the virus - inbox,
> outbox, trash. Although you probably have the patch now, you could later
> decide to forward something from your old mail to someone - and that old
> mail might contain kak.
>
> I suspect there are already folks at work modifying kak since I have seen
a
> kakky email come in on my machine that two virus programs missed - but the
> same programs had picked up on kak previously.
>
> Fortunately kak isn't terribly desctructive, but how long will it be
before
> someone copies kak's method of infection to deliver something that IS
> destructive?
>
> Hope the info and links below will help someone.
>
> Frances Cullom Harper wrote:
>
> > For those of you using PC's, if you are not aware of the worm kak, I
> > think you should be. You do NOT have to open an attachment to be
> > infected by it. Infected mail doesn't include an attachment. You only
> > have to open the email itself. Although McAfee and Norton will pick up
> > on it, I believe there may be a new variation out that isn't as easy to
> > detect.
> >
> > Info on this worm may be found at
> > http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html
> > http://www.Europe.F-Secure.com/v-descs/kak.htm
> >
> > I was first aware of it last May when I replied to a friend's email and
> > McAfee alerted me that I was attempting to send mail which contained
> > kak. I did some websearches for kak information and finally determined
> > that kak was already in the email she had sent me, so when I replied to
> > her mail, I was sending it back to her since her original email was part
> > of my reply. McAfee had not alerted when her email arrived. If I had not
> > replied to her mail, I never would have known it.
> >
> > I had my friend search for kak.* and *.kak on her computer and we
> > determined she was infected. She followed the directions at
> > http://www.aks.com/home/csrt/kakrem.asp which cleaned her up
> > successfully and then loaded Norton. Norton has alerted for her when
> > incoming mail with kak arrived.
> >
> > During just the last month, emails containing kak have come in to my
> > computer at least 5 more times. I have the patch from Microsoft and
> > never use Outlook Express plus I'm using McAfee. For a brief period, I
> > had to uninstall McAfee because of a conflict but I used Housecall
> > (http://housecall.antivirus.com/) which also picked up on any mail that
> > contained kak. Last week I forwarded a mail to my friend and received a
> > reply from her that her Norton had reported that the mail contained kak.
> > McAfee had never alerted. The worm had to be in the forwarded mail since
> > I had determined I was not infected plus I was not using Outlook. Before
> > I deleted that piece of mail, I scanned with McAfee and again with
> > Housecall which had both alerted to kak in mail before - neither
> > alerted. This seemed so strange that I had my friend submit the mail to
> > Norton for examination. The report was kak. Meanwhile, her ISP picked up
> > on the worm passing through her mail and shut down her outbox as a
> > precaution. When she called her ISP, she again received the report that
> > the mail contained kak.
> >
> > Since both McAfee and Housecall picked up on kak before, but both missed
> > it in this mail, it's my guess that there may be a new version or
> > variation out that Norton recognizes but the others don't. Yes, my
> > McAfee virus definition files were updated just minutes before I
> > scanned.
> >
> > Anyone can forward kak if it's contained in the original mail, no matter
> > which email program you're using. If you're using Outlook and you
> > haven't installed the patch, if become infected, every mail you create
> > with Outlook will contain kak hidden in your mail.
> >
> > It's easy to tell if you're infected. Just go to Start - Find - Files or
> > folders - and search for *.kak and again for kak.*. If you find any
> > files, you're infected. Follow the directions in the link above. Make
> > sure you install the patch from Microsoft if you haven't already.
> >
> > I often hear the advice, "Never open an attachment from a stranger." I
> > hear many of our teachers say, "I only open attachments from friends."
> > To me, this seems the most dangerous route. Many viruses are spread
> > through Outlook address books. How many strangers do you think have you
> > entered in their address books? The people who are most likely to have
> > you in their address books are your friends and work/business contacts,
> > not strangers! I keep Outlook only because my ISP supports only that
> > program and they often ask me to use it for testing purposes. Otherwise
> > I never use it and I never enter any of my friends' addresses in the
> > Outlook address book. If I should acquire a virus that spreads through
> > the Outlook address book, it won't be able to send itself out to anyone.
> >
> > I hope this will help you avoid kak or get rid of it if you're already
> > infected and didn't realize it. From the number of times I have seen it
> > come in on my own computer recently, I would say it's VERY widespread
> > and common. Remember, there is no attached file that you have to open -
> > it's totally invisible.
> >
> > Frances Harper
> > Media Specialist
> > Southwood Elementary
> > Lexington, NC 27292
> >
>
------=_NextPart_000_0087_01C01281.722E6C20
Content-Type: message/rfc822;
name="Virus info _ KAK.eml"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="Virus info _ KAK.eml"
X-Mozilla-Status2: 00000000
Message-ID: <>
Date: Sat, 26 Aug 2000 08:55:48 -0400
From: Frances Cullom Harper <>
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: School Library Media & Network Communications <>
Subject: Virus info : KAK
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
For those of you using PC's, if you are not aware of the worm kak, I
think you should be. You do NOT have to open an attachment to be
infected by it. Infected mail doesn't include an attachment. You only
have to open the email itself. Although McAfee and Norton will pick up
on it, I believe there may be a new variation out that isn't as easy to
detect.
Info on this worm may be found at
http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html
http://www.Europe.F-Secure.com/v-descs/kak.htm
I was first aware of it last May when I replied to a friend's email and
McAfee alerted me that I was attempting to send mail which contained
kak. I did some websearches for kak information and finally determined
that kak was already in the email she had sent me, so when I replied to
her mail, I was sending it back to her since her original email was part
of my reply. McAfee had not alerted when her email arrived. If I had not
replied to her mail, I never would have known it.
I had my friend search for kak.* and *.kak on her computer and we
determined she was infected. She followed the directions at
http://www.aks.com/home/csrt/kakrem.asp which cleaned her up
successfully and then loaded Norton. Norton has alerted for her when
incoming mail with kak arrived.
During just the last month, emails containing kak have come in to my
computer at least 5 more times. I have the patch from Microsoft and
never use Outlook Express plus I'm using McAfee. For a brief period, I
had to uninstall McAfee because of a conflict but I used Housecall
(http://housecall.antivirus.com/) which also picked up on any mail that
contained kak. Last week I forwarded a mail to my friend and received a
reply from her that her Norton had reported that the mail contained kak.
McAfee had never alerted. The worm had to be in the forwarded mail since
I had determined I was not infected plus I was not using Outlook. Before
I deleted that piece of mail, I scanned with McAfee and again with
Housecall which had both alerted to kak in mail before - neither
alerted. This seemed so strange that I had my friend submit the mail to
Norton for examination. The report was kak. Meanwhile, her ISP picked up
on the worm passing through her mail and shut down her outbox as a
precaution. When she called her ISP, she again received the report that
the mail contained kak.
Since both McAfee and Housecall picked up on kak before, but both missed
it in this mail, it's my guess that there may be a new version or
variation out that Norton recognizes but the others don't. Yes, my
McAfee virus definition files were updated just minutes before I
scanned.
Anyone can forward kak if it's contained in the original mail, no matter
which email program you're using. If you're using Outlook and you
haven't installed the patch, if become infected, every mail you create
with Outlook will contain kak hidden in your mail.
It's easy to tell if you're infected. Just go to Start - Find - Files or
folders - and search for *.kak and again for kak.*. If you find any
files, you're infected. Follow the directions in the link above. Make
sure you install the patch from Microsoft if you haven't already.
I often hear the advice, "Never open an attachment from a stranger." I
hear many of our teachers say, "I only open attachments from friends."
To me, this seems the most dangerous route. Many viruses are spread
through Outlook address books. How many strangers do you think have you
entered in their address books? The people who are most likely to have
you in their address books are your friends and work/business contacts,
not strangers! I keep Outlook only because my ISP supports only that
program and they often ask me to use it for testing purposes. Otherwise
I never use it and I never enter any of my friends' addresses in the
Outlook address book. If I should acquire a virus that spreads through
the Outlook address book, it won't be able to send itself out to anyone.
I hope this will help you avoid kak or get rid of it if you're already
infected and didn't realize it. From the number of times I have seen it
come in on my own computer recently, I would say it's VERY widespread
and common. Remember, there is no attached file that you have to open -
it's totally invisible.
Frances Harper
Media Specialist
Southwood Elementary
Lexington, NC 27292
------=_NextPart_000_0087_01C01281.722E6C20--
This thread:
| [HUGHES-L] Fw: Virus info : KAK] by "A. E. Hughes" <> |