Overview
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
|
Minimum DAT
4248 (2003-02-19) Updated DAT4279 (2003-07-23) |
Minimum Engine
5.1.00 File Length8192 |
Description Added
2003-04-01 Description Modified2003-04-02 |
Malware Proliferation
Characteristics
This worm propagates via the KaZaA P2P file-sharing network. It is also intended to spread over networks (copying itself to the startup folder), but due to a bug this propagation mechanism fails.
When executed the worms copies itself into the system default KaZaA shared folder (determined from Registry key), using the following enticing filenames:
- Crack McAfee 7.exe
- Crack Norton 3000.exe
- Borland KeyGens.exe
- MP3 encoder_decoderV1.8.exe
- HackNTTools.zip [many spaces] .exe
- SophosCrackAllVersion.exe
- BitDefender.KeyGen.exe
- Nod32Crack.exe
- PANDA.lusers.exe
- PANDA.AVers.lusers.exe
It then tries to copy itself as CUCARACHA.EXE in the Spanish and English versions of the Startup folder on remote machines, but fails due to a bug.
Symptoms
Method of Infection
The worm needs to be executed in order to start spreading.
Removal
All Users:
Use specified engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Variants