-----Original Message----- From: news@xxxxxxxxxxxxx [mailto:news@xxxxxxxxxxxxx] Sent: Thursday, August 22, 2002 8:04 PM To: news@xxxxxxxxxxxxx Subject: Virus News: Once Again A Virus Targets The KaZaA Network - Duload Virus News. Thursday, August 22, 2002 ****************************************************************** 1. Once Again A Virus Targets The KaZaA Network - Duload 2. How to subscribe/unsubscribe **** 1. Once Again A Virus Targets The KaZaA Network - Duload Kaspersky Labs reports the detection of the network worm Duload, which is spreading across the KaZaA file-exchange network. Presently Kaspersky Labs has already received several registered instances of infection in Italy. The worm itself is a Windows (PE EXE) attachment written in Visual Basic. Currently two modifications of the Duload worm are known, each having a different file size: Worm.P2P.Duload.a - 18432 bytes Worm.P2P.Duload.b - 7680 bytes (Compressed with the UPX utility) If the infected attachment is accidentally opened "Duload" copies itself to the Windows system directory under the name "SystemConfig.exe" and modifies the system registry so that this file automatically loads each time Windows is started. Next, the Duload worm creates a folder in the Windows directory called "Media" and copies itself to this directory under 39 different names. Such as: Pamela Anderson And Tommy Lee Home Video.exe Alicia Silverstone Payboy Nude.exe Kama Sutra Tetris.exe Soldier Of Fortune 2 Mutiplayer Serial Hack.exe The Sims Game Crack.exe Warcraft 3 Battle.net Crack.exe "Duload" then once again modifies the system registry in order to make the "Media" folder accessible to all other KaZaA network users. One modification of the worm (Worm.P2P.Duload.a) also downloads from an Internet site several Trojan programs designed to establish the unauthorized remote management of victim computers. The defense against "Duload" has already been added to the Kaspersky Labs Anti-virus database. More detailed information regarding the Duload network worm can be found in the Kaspersky Labs Virus Encyclopedia at: http://www.viruslist.com/eng/viruslist.html?id=51566. ** 2. How to subscribe/unsubscribe If you would like to subscribe to other Kaspersky Lab news blocks or to unsubscribe from this news block, you can do so by visiting http://www.kaspersky.com/subscribenow.html If you experience any problems with this procedure, please contact us at: news@xxxxxxxxxxxxx **** Best of Luck, Kaspersky Lab News Agent ----- 10 Geroyev Panfilovtcev St., Moscow, 125363, Russia Telephone./Facsimile: +7 (095) 948 43 31 WWW: http://www.kaspersky.com, http://www.viruslist.com FTP: ftp://ftp.kasperskylab.ru E-mail: info@xxxxxx