|
|
 |
|
|
Pages: 1
New worm eats into Kazaa
(Click here to view the original thread with full colors/images)
Posted by: Tweaker
The Kazaa file-swapping network has been hit by another worm, just months after the first such attack, according to antivirus vendors. Antivirus company Sophos said it had received several reports of the KWBot worm in the wild. KWBot appears to be the second worm to hit the Kazaa network, which fell prey to the Benjamin worm in May.
KWBot spreads in a similar way to Benjamin in that it alters Windows registry keys and then disguises itself as files that are likely to prove popular with file-swappers. It makes particular use of the names of movies and applications. When first executed, the worm copies itself to the Windows system folder as xplorer32.exe, said Sophos. It will then create two registry entries so that the copy is run each time Windows is started
The worm may also allow attackers to gain control of an infected computer using commands transmitted over Internet Relay Chat.
According to the article, the executable type is Windows only. There is a dead giveaway with the exe extension, but that is too easy. It is also fairly clear (from the article) that only Windows machines (9x/WNT/W2K/XP) are subject to this virus. One could also conclude that the thieves are only using Windows based machines because that is what is being infected. The technical details are in the article!
Source: ZDNet News
|
|
|
|
|
