|
|
|
VIRUS NAME
: W32/Bare.worm
Virus
Characteristics
This is a simple
peer-to-peer network worm. It's designed to target the Gnutella, eDonkey and
KaZaa file-sharing networks, using the following servent programs:
- Bearshare
- Morpheus
- eDonkey2000
- KaZaa
When run, the worm checks its
path and filename. If the path name and file name matches one of the internally
recognized names, the worm proceeds in copying itself to that path using the following
filenames:
Part 1
- GTA3
- Kazaa 1.73
- Starcraft
- Warcraft 3
- Winamp 3.01
Part 2
- crack
- full downloader
- key generator
- patch
- serial
or
Part 1
- Britney Spears
- Christina Aguilera
- Claudia Schiffer
- Jennifer Lopez
- Pamela Anderson
Part 2
- nude
- porno
- xxx
Part 3
- avi
- jpg
- mpg
- zip
or
Part 1
- AOL
- ICQ
- Kazaa
- mIRC
- MSN
- Windows 2000
Part 2
- backdoor remover
- hack
- password stealer
or
Part 1
- Harry Potter
- Spiderman
Part 2
- screensaver
- wallpaper
All of the filenames end with
.EXE. Examples of the filenames are:
- GTA3 crack.exe
- Britney Spears porno.jpg.exe
- MSN password stealer.exe
- Harry Potter screensaver.exe
The worm does not configure
itself to load at system startup or carry any damaging payloads.
Symptoms
Presence of the aforementioned constructed filenames in the following directories:
- \program files\bearshare\shared\
- \program files\morpheus\my shared folder\
- \program files\eDonkey2000\incoming\
- \program files\kazaa\my shared folder\
Method
Of Infection
This worms spreads by enticing peer-to-peer file sharing users to download and
run itself. Once run, the worm copies itself to expected shared folders for others
to download.
|
|
|
