PDA

View Full Version : Yet Another P2p Worm



ProwL418
02-15-2003, 08:47 PM
http://www.theregister.co.uk/content/56/29323.html
be advised guys
This detection is for a remote access trojan whose server component is a worm, intended to propagate via two channels:

KaZaa P2P file-sharing networks (under various enticing filenames)
mIRC channels (as RealWayToHack.exe)
The worm terminates processes relating to a significant number of anti-virus and security products if they are running.

Once running on the victim machine, the worm opens a port (default = 31337, but this is configurable) which enables the hacker to connect (using the client component, described below). A public script library is used in order to send a notification to the hacker via HTTP. The noification contains the following information (obviously IP address and port number will vary):

from=iGLOO
[email protected]
subject=iGLOO
body=iGLOO
Remote IP : A.B.C.D
Remote Port : 31337

ooo
02-15-2003, 08:53 PM
aite thankz for the tipz / info...

smellycat
02-15-2003, 11:19 PM
Just to clarify the issue.

They aren't pics but executables.

eg.

sarah_michelle_gellar_nude.jpg.exe
sarah_michelle_gellar_naked.jpg.exe
sandra_bullock_nude.jpg.exe
sandra_bullock_naked.jpg.exe
anastasia_anal.jpg.exe
anastasia_naked.jpg.exe

If the filename has the extension .jpg you are okay.
If the filename has the extension .jpg.exe it's probably a virus.

What you could do is go to
Options, Kazaa Lite Options, Filter, and
add .jpg.exe to the Blocklist

I_DONT_SHARE_PORN
02-15-2003, 11:28 PM
LOL