-
http://www.theregister.co.uk/content/56/29323.html
be advised guys
This detection is for a remote access trojan whose server component is a worm, intended to propagate via two channels:
KaZaa P2P file-sharing networks (under various enticing filenames)
mIRC channels (as RealWayToHack.exe)
The worm terminates processes relating to a significant number of anti-virus and security products if they are running.
Once running on the victim machine, the worm opens a port (default = 31337, but this is configurable) which enables the hacker to connect (using the client component, described below). A public script library is used in order to send a notification to the hacker via HTTP. The noification contains the following information (obviously IP address and port number will vary):
from=iGLOO
[email protected]
subject=iGLOO
body=iGLOO
Remote IP : A.B.C.D
Remote Port : 31337
-
aite thankz for the tipz / info...
-
Just to clarify the issue.
They aren't pics but executables.
eg.
sarah_michelle_gellar_nude.jpg.exe
sarah_michelle_gellar_naked.jpg.exe
sandra_bullock_nude.jpg.exe
sandra_bullock_naked.jpg.exe
anastasia_anal.jpg.exe
anastasia_naked.jpg.exe
If the filename has the extension .jpg you are okay.
If the filename has the extension .jpg.exe it's probably a virus.
What you could do is go to
Options, Kazaa Lite Options, Filter, and
add .jpg.exe to the Blocklist
-
