[email protected]

Kak only affects those using Outlook Express. It exploits a known security
loophole. And it doesn't work if you have active scripting turned off. (If
you don't know what that means, don't panic - I didn't either. The web site I
give below will help.)

Once you've been infected, every email you send out has the worm attached.
But if you're a non-techie without a virus detector, you don't know that
until somebody tells you. That's what happened to me, anyway. Fortunately
some of the people who received emails from me had virus detectors that
picked it up. I still don't even know how I got it. (Incidentally, this
message is from a different email account and not written using OE. :-))

Kak doesn't do devastating damage, but it is obviously something you don't
want. If you use Outlook Express, you'd be well advised to do a search of
your directory, to see whether there are any Kak files in there. (Don't
delete them until you've read up about it, because one is something else. See
below.) There is a very informative page on the web, that explains all about
it, how to get rid of it, and how to get to the Microsoft patch to close the
loophole. The address was given by the listowner of the list to which I
sent an infected email.

http://www.f-secure.com/v-descs/kak.htm

Here's an extract from the page:-

>> The worm uses a known security vulnerability in Outlook Express. Once
the user receives an infected email message, and opens or views the
message in the preview pane, the worm creates a file "kak.hta" to the
Windows Startup directory.

Next time when the system is restarted, the worm activates. It replaces
"c:\autoexec.bat" with a batch file that deletes the worm
from the Startup directory. The original "autoexec.bat" is copied to
"C:\AE.KAK".

It also modifies the message signature settings of Outlook Express
5.0 replacing the current signature with an infected file,
"C:\Windows\kak.htm".
Therefore every message sent with Outlook Express after that will
contain the worm.<<

Mattie