-=PCTechTalk=- W32.Benjamin.Worm -- Targets P2P Users

• From: Master NetLord <NetLord@xxxxxxx>
• To: PCTechTalk - Freelists <pctechtalk@xxxxxxxxxxxxx>,WinTips-Tricks <WinTips-Tricks@xxxxxxxxxxxxxxx>,WinXPHelp <WinXPHelp@xxxxxxxxxxxxxxx>
• Date: Wed, 3 Jul 2002 21:58:53 -0400

>From Symantec...........

W32.Benjamin.Worm

Low Threat [2]
 
Win32 

Global Infection breakdown by 
geographic region
% of Total 
 
America (North & South)  45.5% 
EMEA (Europe, Middle East, Africa)   52.7% 
Japan    0.0% 
Asia Pacific    1.8% 

W32.Benjamin.Worm comes disguised as popular music, movie, 
or software files. It spreads across KaZaA file-sharing networks by 
tricking KaZaA users into downloading the program and opening 
it.

The size of the worm can vary because the worm pads copies of 
itself with garbage bytes. The worm creates the 
C:\%Windows%\Temp\Sys32 folder. It then changes the KaZaA 
download folder settings so that this new folder is accessible to 
other KazaA network users. This allows other KaZaA users to 
download files from that location.

The worm then copies itself into this folder using many different 
names that are chosen randomly from a list that the worm carries. 
Here are some examples:

Chterbahn Designer -full-downloader
Acrobat Capture 3.0 -full-downloader
Age of Empires-Games-full-downloader
American Pie 2 -divx-full-downloader
Baseball 2001-Games-full-downloader
Metallica - Blackened
ac dc - Fight For Your Right

The worm then displays a fake error message, finally, it waits in the 
background for other KaZaA users to download the worm file.

http://www.sarc.com/avcenter/venc/data/w32.benjamin.worm.html

Yana Liu and Douglas Knowles
Symantec Security Response, 


Regards from the
"Keyboard Cowboy",
Master NetLord
,,,,,
Ô¿Ô¬
Cincinnati, Ohio
Scottsdale, Arizona
«::::»¤«::::»¤¤«::::»¤«::::»
Wednesday
07/03/2002
9:55:37 PM

To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/

Other related posts:

• » -=PCTechTalk=- W32.Benjamin.Worm -- Targets P2P Users

1. Home
2. pctechtalk
3. Archive
4. 07-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---