Það er búin að vera að ganga vírus með Kazaa forritinu og ég veit að mjög margir hugarar nota þetta forrit.
W32.Benjamin.Worm
Discovered on: May 19, 2002
Last Updated on: May 21, 2002 at 09:08:55 PM PDT
W32.Benjamin.Worm comes disguised as popular music, movie, or software files. It spreads across KaZaA file-sharing networks by tricking KaZaA users into downloading the program and opening it.
The size of the worm can vary because the worm pads copies of itself with garbage bytes.
Type: Worm
Infection Length: Variable
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Unix, Linux
Virus Definitions (Intelligent Updater)*
May 20, 2002
Technical details:
When W32.Benjamin.Worm is executed, it does the following:
It copies itself as C:\%System%\Explorer.scr.
NOTE: %System% is a variable. The worm locates the \Windows\System folder (by default this is C:\Windows\System or C:\Winnt\System32) and copies itself to that location.
It then adds the \Syscod subkey under the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
It also adds the value
System-Service C:\%SYSTEM%\EXPLORER.SCR
to the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This causes the worm to run when you start Windows.
How it spreads
NOTE: For W32.Benjamin.Worm to spread, it requires that the KaZaA software be installed on the computer.
The worm creates the C:\%Windows%\Temp\Sys32 folder. It then changes the KaZaA download folder settings so that this new folder is accessible to other KazaA network users. This allows other KaZaA users to download files from that location.
The worm then copies itself into this folder using many different names that are chosen randomly from a list that the worm carries. Here are some examples:
Chterbahn Designer -full-downloader
Acrobat Capture 3.0 -full-downloader
Age of Empires-Games-full-downloader
American Pie 2 -divx-full-downloader
Baseball 2001-Games-full-downloader
Metallica - Blackened
ac dc - Fight For Your Right
Þetta er tekið af slóðinni:
http://securityresponse.symantec.com/avcenter/venc/data/w32.benjamin.worm.html
Það eru aðeins meiri upplýsingar þar, ég lenti í því að fá vírus þarna í gegn, sem var rosalega leiðinlegt, því að það er erfitt að sjá hann. Og ég veit að það er lítil umræða um þennan vírus á Íslandi. Þetta er hreinlega spurning um að hafa augun opin fyrir þessu.
Mekara