>From Symantec........... W32.Benjamin.Worm Low Threat [2] Win32 Global Infection breakdown by geographic region % of Total America (North & South) 45.5% EMEA (Europe, Middle East, Africa) 52.7% Japan 0.0% Asia Pacific 1.8% W32.Benjamin.Worm comes disguised as popular music, movie, or software files. It spreads across KaZaA file-sharing networks by tricking KaZaA users into downloading the program and opening it. The size of the worm can vary because the worm pads copies of itself with garbage bytes. The worm creates the C:\%Windows%\Temp\Sys32 folder. It then changes the KaZaA download folder settings so that this new folder is accessible to other KazaA network users. This allows other KaZaA users to download files from that location. The worm then copies itself into this folder using many different names that are chosen randomly from a list that the worm carries. Here are some examples: Chterbahn Designer -full-downloader Acrobat Capture 3.0 -full-downloader Age of Empires-Games-full-downloader American Pie 2 -divx-full-downloader Baseball 2001-Games-full-downloader Metallica - Blackened ac dc - Fight For Your Right The worm then displays a fake error message, finally, it waits in the background for other KaZaA users to download the worm file. http://www.sarc.com/avcenter/venc/data/w32.benjamin.worm.html Yana Liu and Douglas Knowles Symantec Security Response, Regards from the "Keyboard Cowboy", Master NetLord ,,,,, Ô¿Ô¬ Cincinnati, Ohio Scottsdale, Arizona «::::»¤«::::»¤¤«::::»¤«::::» Wednesday 07/03/2002 9:55:37 PM To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/