Virus Alert: KaZaA, Microsoft Email Targeted
Source: Extreme Tech
Posted: AUGUST 22, 2002

A second KaZaA-specific virus is explicitly targeting users of the file-sharing program, antivirus vendor Kaspersky Labs reported Thursday. Kaspersky also found a second, unrelated worm, TrojanDownloader.Win32.Apher, which masquerades as a well-written email missive from Microsoft advertising an antivirus upgrade.

Kaspersky Labs said it had detected a new network worm, "Duload", which is spreading across the KaZaA file-exchange network. Kaspersky Labs has already received several registered instances of infection in Italy. Two modifications of the Duload worm are known, Kaspersky said, each having a different file size: "Worm.P2P.Duload.a", which is 18,432 bytes; and "Worm.P2P.Duload.b", a 7,680-byte file compressed with the UPX utility.

Kaspersky said the worms are being transmitted as Visual Basic Windows .exe files. If the infected attachment is accidentally opened, "Duload" copies itself to the Windows system directory under the name "SystemConfig.exe" and modifies the system registry so that this file automatically loads each time Windows is started.

After that, the Duload worm creates a folder in the Windows directory called "Media" and copies itself to this directory under 39 different names, including provocative file names such as "Pamela Anderson And Tommy Lee Home Video.exe", "Alicia Silverstone Payboy Nude.exe", "Soldier Of Fortune 2 Mutiplayer Serial" and "The Sims Game Crack.exe". "Duload" then once again modifies the system registry in order to make the "Media" folder accessible to all other KaZaA network users, repeating the propagation process.

One modification of the worm, Worm.P2P.Duload.a, also downloads several Trojan programs from an Internet site. These are designed to establish unauthorized remote management of the victim computer, allowing it to be hijacked without the user's awareness.
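The three host-side indicators the article gives for Duload (the SystemConfig.exe copy in the system directory, a Run-key entry that launches it, and lure-named executables in a Windows "Media" folder) can be checked together. The scan below is an added example, not Kaspersky's code: it works on a snapshot of a machine expressed as plain Python data rather than a live filesystem, so it runs offline. The sample file list, the Run-key values and the lure word list are constructed assumptions; three of the decoy names are the ones the article quotes. Note that a "Media" folder under the Windows directory is normal (it holds system sounds), so the check keys on .exe files with lure-style names inside it, not on the folder's existence.

```python
"""Defensive scan for the Duload indicators described above.

Added example, not Kaspersky's code. Operates on a snapshot (list of file
paths plus Run-key values) so it can run anywhere without touching a
Windows host; sample data and lure words are constructed assumptions.
"""
from pathlib import PureWindowsPath

# Indicators taken from the article text.
DROPPED_NAME = "systemconfig.exe"      # copy placed in the Windows system directory
SHARE_FOLDER = "Media"                 # folder created under the Windows directory
# Words that suggest media or pirated content sitting on an .exe (assumption).
LURE_WORDS = ("video", "nude", "serial", "crack", "keygen")

# Constructed snapshot: three decoy names come from the article, the rest are
# legitimate-looking filler. chord.wav stands in for the real Media folder content.
SAMPLE_FILES = [
    r"C:\Windows\System32\SystemConfig.exe",
    r"C:\Windows\System32\notepad.exe",
    r"C:\Windows\Media\chord.wav",
    r"C:\Windows\Media\Pamela Anderson And Tommy Lee Home Video.exe",
    r"C:\Windows\Media\Alicia Silverstone Payboy Nude.exe",
    r"C:\Windows\Media\The Sims Game Crack.exe",
    r"C:\Program Files\KaZaA\kazaa.exe",
]
# Constructed ...\CurrentVersion\Run values: value name -> command line
# (real values may carry quotes or arguments; this example keeps bare paths).
SAMPLE_RUN = {
    "ctfmon": r"C:\Windows\System32\ctfmon.exe",
    "SystemConfig": r"C:\Windows\System32\SystemConfig.exe",
}


def _same_dir(path: PureWindowsPath, directory: PureWindowsPath) -> bool:
    """Case-insensitive check that `path` sits directly inside `directory`."""
    return str(path.parent).lower() == str(directory).lower()


def find_dropped_copy(files, windows_dir=r"C:\Windows"):
    """Paths named SystemConfig.exe inside <windows_dir>\\System or \\System32."""
    sysdirs = [PureWindowsPath(windows_dir, d) for d in ("System", "System32")]
    return [
        f for f in files
        if PureWindowsPath(f).name.lower() == DROPPED_NAME
        and any(_same_dir(PureWindowsPath(f), d) for d in sysdirs)
    ]


def find_decoys(files, windows_dir=r"C:\Windows"):
    """Executables in <windows_dir>\\Media whose names read like media or warez."""
    media = PureWindowsPath(windows_dir, SHARE_FOLDER)
    out = []
    for f in files:
        p = PureWindowsPath(f)
        if (p.suffix.lower() == ".exe" and _same_dir(p, media)
                and any(w in p.stem.lower() for w in LURE_WORDS)):
            out.append(f)
    return out


def find_autorun(run_values):
    """Run-key values whose command launches the dropped file."""
    return {name: cmd for name, cmd in run_values.items()
            if PureWindowsPath(cmd).name.lower() == DROPPED_NAME}


def assess(files, run_values, windows_dir=r"C:\Windows"):
    """Combine the three indicators; two or more together is treated as a hit."""
    report = {
        "dropped": find_dropped_copy(files, windows_dir),
        "decoys": find_decoys(files, windows_dir),
        "autorun": find_autorun(run_values),
    }
    report["hits"] = sum(1 for v in report.values() if v)
    report["infected"] = report["hits"] >= 2
    return report


if __name__ == "__main__":
    for key, value in assess(SAMPLE_FILES, SAMPLE_RUN).items():
        print(f"{key}: {value}")
```

Requiring two indicators rather than one keeps a stray file named SystemConfig.exe, or a single oddly named executable, from raising an alert on its own; on a real host the file list and Run values would come from a directory walk and a registry read, with the same functions applied.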

Kaspersky said the "Duload" virus definition has already been added to its database, as has the "Apher" virus, which itself poses as a Microsoft advisory that recommends that users open up the attached file. The attachment itself appears to be a Kaspersky update, but hides the malicious worm.

If the attached file is accidentally opened, "Apher" automatically initiates a connection with a remote web site. From this site a utility enabling the control of the virus "Backdoor.Death.25" is loaded onto the infected machine.

"In turn, this program permits the evildoer to clandestinely manage an infected computer, to view and send out confidential information, and create, copy and delete files in addition to much more," according to Kaspersky.

The malicious email reads as follows:

--------------------------

From: info@microsoft.com

Subject: Protect Your NetWare with Kaspersky Anti-Virus

Attachment: AAprices.exe

Kaspersky Labs, an international data-security software developer, announces the official release of Kaspersky Anti-Virus 4.0. "We are pleased to present the latest version of our anti-virus product. The unique technology, updated design, and perfected administering system integrated into Kaspersky Anti-Virus 4.0 is the result of many years of work dedicated to improving the ease of working with the program and increasing computer defense reliability," said Natalya Kaspersky, Kaspersky Labs CEO. The new Kaspersky Anti-Virus version (Personal Pro, Personal, Lite) fully supports the Microsoft Windows XP operating system. Amongst this version's latest innovations are: a complete user interface upgrade corresponding to Tree Chart technology; perfected system installation that allows for saving the configuration of previously installed versions, and a quarantine feature for isolating infected and suspicious objects; expanded treatment of infected archived files; an added function for the treatment of Microsoft Outlook Express and objects upon system start up and also a memory scanning of active applications; and simplified operating features for disk recovery.

Best regards,

If you have any questions

please call

+1(866) 7280-290
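Two things in the quoted lure are mechanically checkable at a mail gateway: it carries a directly executable attachment, and its sender domain (microsoft.com) does not match the vendor whose product the subject line promotes (Kaspersky). The screen below is an added example, not code from Kaspersky or Microsoft. It builds a sample message from the From, Subject and attachment name the article quotes (the recipient, the one-line body, the benign comparison message and the domain-to-vendor table are constructed assumptions), parses it with Python's standard email package, and returns the reasons the message would be held.

```python
"""Mail-gateway screen for the Apher-style lure quoted above.

Added example, not code from Kaspersky or Microsoft. Parses an RFC 5322
message with the standard email package and reports why it would be held.
Sample messages are constructed; only From, Subject and the attachment name
of the lure come from the article.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Attachment types that run directly when opened on Windows.
EXEC_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".vbs")
# Vendor a given sender domain is expected to be talking about (assumption).
VENDOR_OF_DOMAIN = {"microsoft.com": "microsoft", "kaspersky.com": "kaspersky"}


def build_message(sender, subject, body, attachment_name, payload=b"MZ") -> bytes:
    """Assemble a multipart message with one attachment (constructed sample)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.org"          # constructed recipient
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


def sample_lure() -> bytes:
    """Headers and attachment name as quoted in the article; body is a stand-in."""
    return build_message(
        "info@microsoft.com",
        "Protect Your NetWare with Kaspersky Anti-Virus",
        "Kaspersky Labs announces the official release of Kaspersky Anti-Virus 4.0.\n",
        "AAprices.exe",
    )


def sample_benign() -> bytes:
    """Constructed comparison: vendor mails about its own product, PDF attached."""
    return build_message(
        "updates@kaspersky.com",
        "Kaspersky Anti-Virus 4.0 release notes",
        "Release notes attached as PDF.\n",
        "release-notes.pdf",
        payload=b"%PDF-1.4",
    )


def screen(raw: bytes) -> list:
    """Return the reasons to hold the message; an empty list means it passes."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    reasons = []

    # 1. Any directly executable attachment.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(EXEC_SUFFIXES):
            reasons.append(f"executable attachment: {name}")

    # 2. Sender domain belongs to one vendor but the subject sells another's product.
    addrs = msg["From"].addresses if msg["From"] else ()
    domain = addrs[0].domain.lower() if addrs else ""
    subject = str(msg["Subject"] or "").lower()
    own_vendor = VENDOR_OF_DOMAIN.get(domain)
    if own_vendor:
        others = [v for v in VENDOR_OF_DOMAIN.values()
                  if v != own_vendor and v in subject]
        if others and own_vendor not in subject:
            reasons.append(f"sender {domain} but subject names {', '.join(others)}")
    return reasons


if __name__ == "__main__":
    print("lure  :", screen(sample_lure()))
    print("benign:", screen(sample_benign()))
```

The executable-attachment rule alone would have stopped this lure; the vendor mismatch rule is the cheaper signal for variants that swap the .exe for an archive, since a From header is trivially forged and the mismatch between the claimed sender and the product pitched survives that change.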
