When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

FastTrack network(Kazaa) share virus too

Thanks mxxcon for the heads up on this one from BPN Forum. This worm uses the Kazaa file exchange P2P network to spread itself. The Kazaa network allows its users to exchange files with each other using the Kazaa client software. To learn more about the Kazaa network visit their site at: https://www.kazaa.com.

Benjamin is written in Borland Delphi and is approximately 216 Kb in size - it is compressed by the AsPack utility. The size of a file can vary greatly as the worm ends each file with "dust" for masking.

Install

Firstly the worm shows a false error report:

Error

Access error #03A:94574: Invalid pointer operation

File possibly corrupted.

[ OK ]

It copies itself to the %WinDir%SYSTEM directory as: EXPLORER.SCR.

Benjamin then creates two keys in the system registry:

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun] "System-Service"="C:WINDOWSSYSTEMEXPLORER.SCR"

[HKEY_LOCAL_MACHINESoftwareMicrosoft] "syscod"="0065D7DB20008306B6A1"

The worm executes after system restarts.

News source: Viruslist.com

Report a problem with article
Next Article

Blueyonder UDP update

Previous Article

Judge Warns Microsoft It Must Comply