May, 2002 - Kazaa virus - P2P (peer
to peer) virus/worm
A new worm which has quickly spread
in the Kazaa file sharing networks. The virus, which is known as Benjamin,
masquerades as popular music, video and software files to make it
more likely users will download it.
The Benjamin worm uses Kazaa p2p (peer-to-peer)
network to spread. Much like Napster, The Kazaa network allows its
participants to exchange files with each other, using dedicated Windows-based
software. Kazaa typically has more than one million users online at
the same time, exchanging media files with each other.
Benjamin virus only works on Windows
workstations which have the Kazaa program installed, When the virus
is started, it shows a fake error message to the user:
- Access error #03A:94574: Invalid
pointer operation
File possibly corrupted.
After this the worm creates hundreds
of files to the users hard drive and shares them to other Kazaa users.
These files are actually copies of the worm itself, but they have
been named to fool people into downloading them. Examples include:
"Deepest Purple-The Very Best
of Deep Purple - Smoke on the Water"
"Metallica - Until it sleeps"
"Johann Sebastian Bach - Brandenburg Concerto No 4"
"South Park Vol.3-divx-full-downloader"
"Star wars Episode 1-divx-full-downloader"
"F1 Racing Championship-Games-full-downloader"
"Chessmaster 8000-Games-full-downloader"
The total list of filenames contains
over 2000 entries. Apparently this list has been created by monitoring
most popular searches being made in the Kazaa network. The size of
the shared infected files varies between 200 and 800 kB. These files
always .EXE or .SCR extension, but it has often been hidden by prepending
dozens of space characters between the filename and the extension.
F-Secure
Computer Associates
Symantec
McAfee
