Skip navigation
Skip navigation

Cambridge, UK, December 4, 2000 - Kaspersky Lab, an international data-security software-development company, announces the discovery of a new Internet-worm, "Prolin," that has been developed by an unknown hacker going by the pseudonym of "The Penguin." To date, Kaspersky Lab has received many reports of infections by this worm from Poland. The "Prolin" worm is capable of operating on Windows 2000. For normal operating under other versions of the operating system (Windows 95/98, Windows NT), the worm requires the Visual Basic 6.0 run-time library MSVBVM60.DLL, which is not included in the package by default.

"Prolin" spreads using e-mail messages masquerading as a great Shockwave Flash movie. In order to initiate the e-mail spreading routine, the worm gains access to the MS Outlook address book, reads found e-mail addresses, and sends the following message to the addresses: Check out this new flash movie that I downloaded just now ... It’s Great.

The worm itself is hidden as a CREATIVE.EXE file attached to the message.
After the infected attachment is run, "Prolin" places its copies to the disk C: directory and to the Windows start up folder. Because of a bug, the worm fails to plant itself into systems that have the Windows operating system installed in folders other than /WINDOWS. The worm then sends out a notification to an e-mail address within the Yahoo domain: subject: Job complete. message: Got yet another idiot

After this, "Prolin" initiates the main payload routine that searches a local hard drive for files with ZIP, MP3 and JPG extensions, and moves them to the C: directory adding to their names the following string: "change at least now to LINUX."

Kaspersky Lab estimates the threat of this worm as medium, since it does not make any irreversible changes that can affect a system's normal operation. However, we recommend users not tempt fate, and under no circumstances, run the attached file CREATIVE.EXE. This is because in some cases (duplicate file names in different directories, insufficient hard disk space, exceeding the number of allowed files in the C: directory) the worm is able to completely destroy the damaged files.
"Considering the large number of infections in Poland caused by this worm, Kaspersky Lab has released a special cure that allows for fast and effective restoring of the files that have been damaged. The cure is available free of charge on our Web site," said Denis Zenkin, Head of Corporate Communications for Kaspersky Lab.

Protection against the "Prolin" worm has been added to the daily update of Kaspersky Anti-Virus (AVP). The update is available for free at the Kaspersky Lab Web site.

The technical details on the "Prolin" worm are available at Kaspersky's Virus Encyclopedia at

Kaspersky Anti-Virus (AVP) can be purchased at the Kaspersky Lab online store.

About Kaspersky Lab

Kaspersky Lab Ltd. is a fast growing international privately owned data-security software-development company with offices in Moscow (Russia), Cambridge (UK) and Walnut Creek (United States). Founded in 1997, the company concentrates its efforts on the development of world-leading anti-virus technologies and software. Kaspersky Lab also provides free online security related Internet information services. The company markets, distributes and supports its software and services in more than 40 countries worldwide.

Media Contacts

Denis Zenkin
Kaspersky Lab, Ltd.
Phone: +7 (095) 797 87 00

Sara Claridge
Marylebone Media Relations
Phone +44 118 975 5188

This press release was distributed by ResponseSource Press Release Wire on behalf of Marylebone Media Relations in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit