The Web    www.100share.com    Google
 
6/14: Spybot-CO Spreads via KaZaA Network
 

6/14: Spybot-CO Spreads via KaZaA Network
June 14, 2004

W32/Spybot-CO is a P2P worm that spreads via the KaZaA file sharing network. In order to be run automatically on system startup, the worm copies itself to a file named AUGMSG.EXE in the Windows system folder and sets the following registry entries to point to this file.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
augmsg=AUGMSG.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ augmsg=AUGMSG.EXE

The worm creates the folder %system%\kazaabackupfiles and copies itself there using certain file names. View them and other information at Sophos page.


 
  • 12/17: Forbot-DA Worm Targets Flaws
  • How hacking has entered the age of mass production.
  • Senate Debating Data Privacy Changes
  • 6/8: Trojan.Dingsta.A Logs Keystrokes
  • Securing the DoJ
  • Critical Flaws Spoil Opera Tune
  • Researcher: IE Cumulative Patch Inadequate
  • 4/15: Sdbot-XC Worm Targets Passwords
  • 5/10: Mydoom-BQ a Mass-Mailing Worm
  • How hacking has entered the age of mass production.
  • 11/23: BackDoor-CLK Trojan Copies Itself
  • Compare Security Camera Products










    		•