[antivirus] FW: [metro.ch: ML KAV.ch info] August 22 2002 (2): Worm Advisory - "Duload"

  • From: "Lim, Franciscus" <Franciscus.Lim@xxxxxxx>
  • To: AntivirusClub@xxxxxxxxxxxxxxx, Antivirus@xxxxxxxxxxxxx, vaksin@xxxxxxxxxxxxxxx
  • Date: Fri, 23 Aug 2002 09:21:32 +0800


-----Original Message-----
From: info@xxxxxx [mailto:info@xxxxxx]
Sent: Thursday, August 22, 2002 7:39 PM
To: avp-info-list@xxxxxx
Subject: [metro.ch: ML KAV.ch info] August 22 2002 (2): Worm Advisory - "Duload"


Kaspersky Antivirus (KAV) Newsletter, August 22 2002 (2)
----------------------------------------------------------------------
               (c) Metropolitan Network BBS Inc., www.metro.ch

In this issue:
1.) Network worm advisory - "Duload"


----------------------------------------------------------------------

1.) Network worm advisory - "Duload"

Kaspersky Labs reports the detection of the network worm "Duload", 
which is spreading across the KaZaA file-exchange network. Kaspersky 
Labs has so far registered several instances of infection in Italy.

The worm is a Windows (PE EXE) attachment written in Visual
Basic. Currently two variants of the Duload worm are known, 
each having a different file size:

Worm.P2P.Duload.a  - 18432 bytes
Worm.P2P.Duload.b  - 7680 bytes (Compressed with UPX utility)

If the infected attachment is accidentally opened, "Duload" copies 
itself to the Windows system directory under the name 
"SystemConfig.exe" and modifies the system registry so that this 
file automatically loads each time Windows is started.

Next, the Duload worm creates a folder in the Windows directory 
called "Media" and copies itself to this directory under 39 
different names, such as:

Pamela Anderson And Tommy Lee Home Video.exe
Alicia Silverstone Payboy Nude.exe
Kama Sutra Tetris.exe
Soldier Of Fortune 2 Mutiplayer Serial Hack.exe
The Sims Game Crack.exe
Warcraft 3 Battle.net Crack.exe

"Duload" then once again modifies the system registry in order to 
make the "Media" folder accessible to all other KaZaA network 
users.

One modification of the worm (Worm.P2P.Duload.a) also downloads 
several Trojan programs from an Internet site. These Trojans are 
designed to establish unauthorized remote management of victim 
computers.

Detection of this malware has already been added to the 
anti-virus database.


----------------------------------------------------------------------
Metropolitan Network BBS Inc. * Switzerland * www.metro.ch

Kaspersky Antivirus: www.kav.ch
eset NOD32:          www.nod32.ch   *NEW*
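
A triage sketch for the file artifacts described in the advisory above, added here as an example and not part of the Kaspersky newsletter: it looks for "SystemConfig.exe" in the system directory and for executables in the "Media" folder, comparing sizes against the two variant sizes listed. The function names, the constructed sample tree and the same-size heuristic are assumptions of this example; the registry changes are not checked because the advisory does not name the keys.

```python
import os
import tempfile

# Sizes from the advisory; a size match is a weak indicator, not proof.
KNOWN_SIZES = {18432: "Worm.P2P.Duload.a", 7680: "Worm.P2P.Duload.b"}
DROPPED_NAME = "SystemConfig.exe"   # copy placed in the Windows system directory
SHARE_FOLDER = "Media"              # folder the worm fills with renamed copies

def triage(windows_dir, system_dir):
    """Return a list of (path, size, reason) findings for manual review."""
    findings = []
    dropped = os.path.join(system_dir, DROPPED_NAME)
    if os.path.isfile(dropped):
        size = os.path.getsize(dropped)
        findings.append((dropped, size, KNOWN_SIZES.get(size, "name match only")))
    media = os.path.join(windows_dir, SHARE_FOLDER)
    if os.path.isdir(media):
        by_size = {}
        for name in sorted(os.listdir(media)):
            path = os.path.join(media, name)
            # Media normally holds sound files, so any .exe here is unusual.
            if name.lower().endswith(".exe") and os.path.isfile(path):
                by_size.setdefault(os.path.getsize(path), []).append(path)
        for size, paths in by_size.items():
            # Differently named executables of one size suggest copies of one file.
            reason = KNOWN_SIZES.get(size) or "%d same-size .exe in Media" % len(paths)
            findings.extend((p, size, reason) for p in paths)
    return findings

def build_sample_tree(root):
    """Constructed test layout: harmless zero-filled files, not real samples."""
    win = os.path.join(root, "WINDOWS")
    sysdir = os.path.join(win, "system32")
    os.makedirs(os.path.join(win, SHARE_FOLDER))
    os.makedirs(sysdir)
    layout = {os.path.join(sysdir, DROPPED_NAME): 7680,
              os.path.join(win, SHARE_FOLDER, "Kama Sutra Tetris.exe"): 7680,
              os.path.join(win, SHARE_FOLDER, "The Sims Game Crack.exe"): 7680,
              os.path.join(win, SHARE_FOLDER, "chimes.wav"): 1024}
    for path, size in layout.items():
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
    return win, sysdir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in triage(*build_sample_tree(tmp)):
            print(finding)
```

Every finding is a lead for an up-to-date scanner or an analyst to confirm, since file names and sizes alone do not identify the worm.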
