[antivirus] FW: Virus News: Once Again A Virus Targets The KaZaA Network - Duload

  • From: "Lim, Franciscus" <Franciscus.Lim@xxxxxxx>
  • To: AntivirusClub@xxxxxxxxxxxxxxx, Antivirus@xxxxxxxxxxxxx,vaksin@xxxxxxxxxxxxxxx
  • Date: Fri, 23 Aug 2002 09:19:52 +0800


-----Original Message-----
From: news@xxxxxxxxxxxxx [mailto:news@xxxxxxxxxxxxx]
Sent: Thursday, August 22, 2002 8:04 PM
To: news@xxxxxxxxxxxxx
Subject: Virus News: Once Again A Virus Targets The KaZaA Network -
Duload



Virus News. Thursday, August 22, 2002
******************************************************************

1. Once Again A Virus Targets The KaZaA Network - Duload
2. How to subscribe/unsubscribe

****

1. Once Again A Virus Targets The KaZaA Network - Duload
Kaspersky Labs reports the detection of the network worm Duload, which
is spreading across the KaZaA file-exchange network. Presently Kaspersky
Labs has already received several registered instances of infection in
Italy.

The worm itself is a Windows (PE EXE) attachment written in Visual
Basic. Currently two modifications of the Duload worm are known, each
having a different file size:

Worm.P2P.Duload.a - 18432 bytes 
Worm.P2P.Duload.b - 7680 bytes (Compressed with the UPX utility)

If the infected attachment is accidentally opened "Duload" copies itself
to the Windows system directory under the name "SystemConfig.exe" and
modifies the system registry so that this file automatically loads each
time Windows is started.

Next, the Duload worm creates a folder in the Windows directory called
"Media" and copies itself to this directory under 39 different names.

Such as:
Pamela Anderson And Tommy Lee Home Video.exe 
Alicia Silverstone Payboy
Nude.exe 
Kama Sutra Tetris.exe 
Soldier Of Fortune 2 Mutiplayer Serial Hack.exe 
The Sims Game Crack.exe 
Warcraft 3 Battle.net Crack.exe

"Duload" then once again modifies the system registry in order to make
the "Media" folder accessible to all other KaZaA network users.

One modification of the worm (Worm.P2P.Duload.a) also downloads from an
Internet site several Trojan programs designed to establish the
unauthorized remote management of victim computers.

The defense against "Duload" has already been added to the Kaspersky
Labs Anti-virus database.

More detailed information regarding the Duload network worm can be found
in the Kaspersky Labs Virus Encyclopedia at:
http://www.viruslist.com/eng/viruslist.html?id=51566.



**

2. How to subscribe/unsubscribe

If you would like to subscribe to other Kaspersky Lab news blocks or 
to unsubscribe from this news block, you can do so by visiting
http://www.kaspersky.com/subscribenow.html

If you experience any problems with this procedure, please contact us at:
news@xxxxxxxxxxxxx

****

Best of Luck,

Kaspersky Lab News Agent

-----
10 Geroyev Panfilovtcev St., Moscow, 125363, Russia
Telephone./Facsimile: +7 (095) 948 43 31
WWW: http://www.kaspersky.com, http://www.viruslist.com
FTP: ftp://ftp.kasperskylab.ru
E-mail: info@xxxxxx

Other related posts:

  • » [antivirus] FW: Virus News: Once Again A Virus Targets The KaZaA Network - Duload
  1. Home
  2. antivirus
  3. Archive
  4. 08-2002