Once Again a Virus Targets the KaZaA Network
Posted on 23.08.2002
Kaspersky Labs reports the detection of the network worm "Duload", which is spreading across the KaZaA file-exchange network. Presently Kaspersky Labs has already received several registered instances of infection in Italy.

The worm itself is a Windows (PE EXE) attachment written in Visual Basic. Currently two modifications of the Duload worm are known, each having a different file size:

Worm.P2P.Duload.a - 18432 bytes
Worm.P2P.Duload.b - 7680 bytes (Compressed with UPX utility)

If the infected attachment is accidentally opened "Duload" copies itself to the Windows system directory under the name "SystemConfig.exe" and modifies the system registry so that this file automatically loads each time Windows is started.

Next, the Duload worm creates a folder in the Windows directory called "Media" and copies itself to this directory under 39 different names. Such as:

Pamela Anderson And Tommy Lee Home Video.exe
Alicia Silverstone Payboy Nude.exe
Kama Sutra Tetris.exe
Soldier Of Fortune 2 Mutiplayer Serial Hack.exe
The Sims Game Crack.exe
Warcraft 3 Battle.net Crack.exe

"Duload" then once again modifies the system registry in order to make the "Media" folder accessible to all other KaZaA network users.

One modification of the worm (Worm.P2P.Duload.a) also downloads from an Internet site several Trojan programs designed to establish the unauthorized remote management of victim computers.

The defense against "Duload" has already been added to the Kaspersky Labs Anti-virus database.

More detailed information regarding the Duload network worm can be found in the Kaspersky Labs Virus Encyclopedia.





Spotlight

Free security software identifies cloud vulnerabilities

Posted on 21 October 2104.  |  Designed for IT and security professionals, the service gives a view of the data exchanged with partner and cloud applications beyond the network firewall. Completely passive, it runs on non-production systems, and does not require firewall changes.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //