Once Again A Virus Targets The KaZaA Network - Duload

22 August 2002

Kaspersky Labs reports the detection of the network worm "Duload", which is spreading across the KaZaA file-exchange network. Presently Kaspersky Labs has already received several registered instances of infection in Italy. The worm itself is a Windows (PE EXE) attachment written in Visual...

Kaspersky Lab reports the detection of the network worm Duload, which is spreading across the KaZaA file-exchange network. Presently Kaspersky Lab has already received several registered instances of infection in Italy. The worm itself is a Windows (PE EXE) application written in Visual Basic. Currently two modifications of the Duload worm are known, each having a different file size:

Worm.P2P.Duload.a - 18432 bytes

Worm.P2P.Duload.b - 7680 bytes (Compressed with the UPX utility) If the infected attachment is accidentally opened "Duload" copies itself to the Windows system directory under the name "SystemConfig.exe" and modifies the system registry so that this file automatically loads each time Windows is started. Next, the Duload worm creates a folder in the Windows directory called "Media" and copies itself to this directory under 39 different names. Such as:

Pamela Anderson And Tommy Lee Home Video.exe
Alicia Silverstone Payboy Nude.exe
Kama Sutra Tetris.exe
Soldier Of Fortune 2 Mutiplayer Serial Hack.exe
The Sims Game Crack.exe
Warcraft 3 Battle.net Crack.exe "Duload" then once again modifies the system registry in order to make the "Media" folder accessible to all other KaZaA network users. One modification of the worm (Worm.P2P.Duload.a) also downloads from an Internet site several Trojan programs designed to establish the unauthorized remote management of victim computers. The defense against "Duload" has already been added to the Kaspersky Lab Anti-virus database. More detailed information regarding the Duload network worm can be found in the Kaspersky Lab Virus Encyclopedia.

Once Again A Virus Targets The KaZaA Network - Duload

Kaspersky

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Innovating the industry with a Cyber Immunity approach, Kaspersky safeguards consumers, businesses, critical infrastructure, and governments from cyberthreats, with over a billion devices protected to date.

Kaspersky ensures Cybersecurity True to Business, focusing on providing clear outcomes, protecting revenue, easing workloads and preventing downtime. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services for organizations of every size, from small businesses to large enterprises, combining proven AI-driven protection technologies with simple management and expert support.

Recognized in independent tests and trusted by millions of individuals worldwide and nearly 200,000 organizations, Kaspersky helps detect threats earlier, respond faster and operate with greater confidence and freedom, protecting what matters most to our clients. Learn more at www.kaspersky.com.

Once Again A Virus Targets The KaZaA Network - Duload

Once Again A Virus Targets The KaZaA Network - Duload

About Kaspersky

Related Articles Press Releases

Botnet activity in H1 2018: Multifunctional bots becoming more widespread

AppleJeus: Lazarus group hunts cryptocurrency exchanges using macOS malware

Dark Tequila: complex banking malware operating since at least 2013

Over one third of all phishing attacks target financial sector customers in second quarter of 2018

Phantom menace: mobile banking Trojan modifications reach all-time high

Cybercriminals targeted at least 400 industrial companies with spear-phishing attack for financial gain

Hidden threat: criminals conceal miners under the guise of legitimate thematic applications

Prilex: POS malware evolves to target chip and PIN-protected cards

Sofacy shifts focus to include Far East defense and diplomacy, overlaps with advanced cyberespionage groups

Slingshot: the spy that came in from the router