hackfix-virusnews: Virus warning ~ Duload
- From: "Christy" <snowz@xxxxxxxxxx>
- To: hackfix-virusnews@xxxxxxxxxxxxx
- Date: Fri, 23 Aug 2002 19:18:23 -0400
New worm crawls around Kazaa
ZDNet (UK)
August 22, 2002, 11:00 AM PT
Users of file-swapping service Kazaa have been warned
about a new worm that could put their computers under
the remote control of hackers.
Antivirus firm Kaspersky Labs said on Thursday that
it had detected the worm, called Duload, spreading
across the Kazaa network. This is at least the third
worm to hit the Kazaa network, following KWBot last
month and May's Benjamin worm.
Duload is a Windows attachment written in visual
basic, Kaspersky said. Like KWBot and Benjamin,
Duload spreads by modifying the infected computer's
system registry and then disguising multiple copies
of itself as files that other Kazaa users might like
to download.
The first time that Duload is run, it copies itself
to the Windows system directory under the name
"Systemconfig.exe", and edits the system registry so
that it is automatically run whenever Windows is
loaded.
Read more here:
http://zdnet.com.com/2100-1105-954893.html
Copyright =A9 2002 CNET Networks, Inc. All rights
reserved
Additional reference urls:
http://www.extremetech.com/print_article/0,3998,a=3D30
299,00.asp
http://www.theregister.co.uk/content/55/26794.html
http://www.theage.com.au/articles/2002/08/23/103005296
6626.html
http://vil.nai.com/vil/content/v_99640.htm
http://www.viruslist.com/eng/viruslist.html?id=3D51566
http://www.trendmicro.com/pc-cillin/vinfo/virusencyclo
/default5.asp?VName=3DWORM_DULOAD.A
http://www.trendmicro.com/pc-cillin/vinfo/virusencyclo
/default5.asp?VName=3DWORM_DULOAD.B
~*~*~*~*~
To unsubscribe from our list send an email
to hackfix-virusnews-request@xxxxxxxxxxxxx?Subject=unsubscribe.
For a complete list of email commands for our list send
an email to ecartis@xxxxxxxxxxxxx with a subject line of
"info hackfix-virusnews" without the quotes.
~*~*~*~*~
Other related posts:
- » hackfix-virusnews: Virus warning ~ Duload
