New worm crawls around Kazaa ZDNet (UK) August 22, 2002, 11:00 AM PT Users of file-swapping service Kazaa have been warned about a new worm that could put their computers under the remote control of hackers. Antivirus firm Kaspersky Labs said on Thursday that it had detected the worm, called Duload, spreading across the Kazaa network. This is at least the third worm to hit the Kazaa network, following KWBot last month and May's Benjamin worm. Duload is a Windows attachment written in visual basic, Kaspersky said. Like KWBot and Benjamin, Duload spreads by modifying the infected computer's system registry and then disguising multiple copies of itself as files that other Kazaa users might like to download. The first time that Duload is run, it copies itself to the Windows system directory under the name "Systemconfig.exe", and edits the system registry so that it is automatically run whenever Windows is loaded. Read more here: http://zdnet.com.com/2100-1105-954893.html Copyright =A9 2002 CNET Networks, Inc. All rights reserved Additional reference urls: http://www.extremetech.com/print_article/0,3998,a=3D30 299,00.asp http://www.theregister.co.uk/content/55/26794.html http://www.theage.com.au/articles/2002/08/23/103005296 6626.html http://vil.nai.com/vil/content/v_99640.htm http://www.viruslist.com/eng/viruslist.html?id=3D51566 http://www.trendmicro.com/pc-cillin/vinfo/virusencyclo /default5.asp?VName=3DWORM_DULOAD.A http://www.trendmicro.com/pc-cillin/vinfo/virusencyclo /default5.asp?VName=3DWORM_DULOAD.B ~*~*~*~*~ To unsubscribe from our list send an email to hackfix-virusnews-request@xxxxxxxxxxxxx?Subject=unsubscribe. For a complete list of email commands for our list send an email to ecartis@xxxxxxxxxxxxx with a subject line of "info hackfix-virusnews" without the quotes. ~*~*~*~*~