|
-
May 20th, 2002, 11:28 AM
#1
Driver Terrier
 kazaa officially a virus....
Had a guest in the chatroom with this...lot of people gonna be swearing real soon!
<a href="http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020520-000004" target="_blank">http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020520-000004</a>
Brief description:
Worm/Kazaa.Benj that uses the file exchange P2P network Kazaa to
spread itself. It is written in Borland Delphi and is
approximately 216 kb in size The size of a file can vary since
the worm adds random data to itself to avoid detection.
The worm then copies itself in the \windows\%system% directory
under the filename "EXPLORER.scr".
Additionally, a set of random *.scr and *.exe files are created
in the /windows/Temp/sys32 folder.
So that it gets run each time a user restart their computer the
following registry key gets added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
System-Service"="C:\\WINDOWS\\SYSTEM\\EXPLORER.SCR
The following key also gets created:
HKEY_LOCAL_MACHINE\Software\Microsoft
"syscod"="00090D64D4700E36"
Once EXLPORER.scr is ran, it will create a large number of *.exe
and *.scr files with names assocaited with movie titles, song
titles, or T.V. shows (ie. Age of Empires ScreenSaver,
BlackHawkDown, NASCAR Heat-installer). A user searching for a
file in the Kazaa network finds it in the list of accessible
files on already infected machine. Kazaa newtork users then
download the worm and execute it. The worms payload is to open
the (benjamin.xww.de) website.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
May 20th, 2002, 01:46 PM
#2
Registered User
-
May 20th, 2002, 02:46 PM
#3
Registered User
I wondered how long it would be before somebody would unleash something like this.
-
May 20th, 2002, 03:37 PM
#4
Registered User
Thanks for the info.
It was only a matter of time.
-
May 21st, 2002, 06:43 AM
#5
Registered User
this is actually not that bad. Only because it's a test. Virus writers are jsut testing the baility with a little dinky worm that's easily detectable and eraseble. I'm worried about the REAL attack that will come when they make one that self replicates, hides, erases and kills the computer.
Then you'll see all our paychecks rise!
-
May 21st, 2002, 09:30 AM
#6
Registered User
I guess it's another step towards the "superworm" trojan virus that will make a lot of people cry someday. 
Thanks for the notice, NooNoo.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks