RE: Increased Kuang2 activity

From: <davec(at)skooter.net>
Date: Mon Feb 10 2003 - 12:13:00 EST

>From http://www.iss.net/security_center/static/4074.php

backdoor-kuang2v (4074) High Risk

Kuang2 Virus installs remote control functionality on infected systems

Description:
Kuang2 Virus is a backdoor program designed to run on Windows 95 and 98 systems that infects files much like a virus. Once the virus has been executed on a system, it allows remote control of the system over TCP port 17300 and systematically infects all PE (Portable Executable) .exe files on the system. Remote attackers are able to download and upload files as well as install plugins that expand on the backdoor's basic functions.

Platforms Affected:
Windows 95
Windows 98

Remedy:
The client program includes an antivirus function to clean an infected computer.

To clean the local system, leave the IP address field in the program blank. The antivirus cleaning process copies the infected version of EXPLORER.EXE to EXPLORER.WK2, and removes the virus. The program places the cleaned version of the file back to EXPLORER.EXE, when you shut down and restart your computer. The antivirus process also scans the hard drive, looking for any other infected files. The readme file included in the distribution of the backdoor recommends running the antivirus scan twice to ensure that the backdoor is removed.

Consequences:
Gain Access

References:
McAfee Virus Profile, "W95/Kuang2.cli" at http://vil.mcafee.com/dispVirus.asp?virus_k=10213&

TL Security Trojan Archive, "Kuang 2 The Virus" at http://www.multimania.com/ilikeit/kuang2v.htm

Standards associated with this entry:

Reported:
Date not applicable.

"Logan F.D. Greenlee" <lgreenlee@ciretose.net> wrote ..
> Does anyone have any information on what the kuang2 trojan does, and

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Mon Feb 10 15:10:50 2003