kayfam
join:2002-02-27
Erie, PA
| New virus in Kazaa (what else is new?)
I found this posted over at Symantic.com. I thought i just pass it along.
W32.HLLW.Cozit is a worm that spreads using the KaZaA peer-to-peer network. It is written in Borland C++ and packed by the UPX runtime packer. It copies itself to the Windows folder as Svchost.exe and changes the registry to run this file whenever you start Windows. When the worm is executed, it copies itself to the KaZaA download folder using a file name chosen at random from a list that the worm carries. On December 1, the worm will display a message in the title bar of the foreground window. You can find more info here: »securityresponse.symantec.com/av···zit.html |
|
freeze
Magic Murder Bag
Premium
join:2001-05-13
Columbus, OH
| Thanks for the heads up....
I'll use IRC a little more now...
[text was edited by author 2002-10-20 10:11:21] |
|
skatetech
Aka Dillhole
Premium
join:2002-07-31
Louisville, KY | reply to kayfam
I don't really use Kazaa. But thank you for taking the time to spread the information. It is always good to know about virii.
--
skate technical... |
|
Fobulous
Premium
join:2002-08-14
Missouri City, TX
clubs: | reply to kayfam
Thanks for the info! |
|
ninersfan
join:2001-02-09
Hayward, CA
| reply to freeze
Thanks for the info,
And I checked it earlier this morning when this was first posted...
*yawn*, it's apparent according to Symantec that this latest one is only a minor risk that anyone with up-to date virus definitions and common sense can easily defend against.
And anyone downloading any of those kind of files listed on Symantec's site without up-to-date antivirus software is going to get infected by something if not this specific virus whatever P2P app they may choose to use.
said by freeze  :
Thanks for the heads up....
I'll use IRC a little more now...
Just be aware that IRC probably has the highest incidence of script kiddies attempting to get "un-suspecting" IRCers
to download trojans, etc.
There's risks everywhere and NO P2P app is in itself more or less vulnerable to these type of risks, the apps in themselves just become more attractive targets as their user base and popularity grows so does the potential to infect greater numbers of users.
Bottom Line: Run a good antivirus software, keep it up to date, become familiar how to properly configure and use whatever program you use for file-trading...
AND use common sense in what you download. Just by following these three practices you will be "safe" most of the time and less likely to be the one infected by the trojan or virus du jour.
--
Deja Moo: the feeling that you've heard this b*llsh*t before.
[text was edited by author 2002-10-20 12:54:45] |
|
MrQu$
Copyridden
join:2002-03-06
| reply to kayfam
Call me crazy but it would be nice if there were a p2p virus that did something good. Like maybe something that attaches itself to the windows startup folder and deletes registry entries for the spyware, optimizes kazaa's connection, clears the past search results, and upgrades participation level to supreme being 1000. That would be a random and unexpected act of kindess. |
|
ninersfan
join:2001-02-09
Hayward, CA
| Definition of a VIRUS by webopedia:
»www.webopedia.com/TERM/v/virus.html
said by webopedia:
A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses. Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
said by MrQu$ :
Call me crazy but it would be nice if there were a p2p virus that did something good. Like maybe something that attaches itself to the windows startup folder and deletes registry entries for the spyware, optimizes kazaa's connection, clears the past search results, and upgrades participation level to supreme being 1000. That would be a random and unexpected act of kindess.
No, it would not be "nice", I have programs and ways to do all the things you mention without having ANYTHING
loaded onto my computer without my knowledge and running against my wishes.
[text was edited by author 2002-10-20 14:21:36] |
|
cantfoolme
| reply to kayfam
Re: New virus in Kazaa (what else is new?)
type svchost.exe into google. Its a legitmitate windows process for dll's. Symantec is the correct web site. Symantic takes u to some website called "Discountbobs"... |
|
ninersfan
join:2001-02-09
Hayward, CA
| said by cantfoolme:
type svchost.exe into google. Its a legitmitate windows process for dll's. Symantec is the correct web site. Symantic takes u to some website called "Discountbobs"...
huh?
--
Deja Moo: the feeling that you've heard this b*llsh*t before. |
|
MrQu$
Copyridden
join:2002-03-06
| reply to kayfam
certainly was NOT a suggestion, request or directed at anyone. Just a cynical/sarcastic response to naughty people who create a virus for whatever reasons. They know they cause harm yet they circulate. I wouldnt want anyone to break into my home do the dishes, the laundry, and make dinner and same goes for my computer. dude it was a joke
[text was edited by author 2002-10-20 14:51:35] |
|
ninersfan
join:2001-02-09
Hayward, CA
| said by MrQu$ :
I wouldnt want anyone to break into my home do the dishes, the laundry, and make dinner and same goes for my computer. dude it was a joke
Well, now that you clarify then, hahaha! very funny...
Remember, everyone has a different sense of humour, myself..I don't find viruses to be a laughing matter.
Also, it has long been understood that what is written on the internet by computer is not always understood by the use of one's text and words alone, hence the evolution of graphical smileys which help posters better express themselves and show when their being humourous and playful.
Anyway, no harm, no foul 
--
Deja Moo: the feeling that you've heard this b*llsh*t before. |
|
Masamune
This Is Your World Now
join:2001-02-05
Pomona, NY
clubs:  | reply to kayfam
The MIAA are at it again!  |
|
Dude
What Happens When I Do This
Premium
join:2000-11-20
Chicago, IL
clubs: | reply to kayfam
Thnak you for the head's up on this worm. |
|
Rungel
Run A Mile Live Awhile GT2110's
Premium
join:2001-12-05
Ya I'm Here | reply to kayfam
I see this .exe file in there. I think it's a regular windows file isn't it? |
|
Creedless
join:2000-11-05
Edmonton, AB
clubs:
| SVChost is a windows system file. In all likelihood, what was meant was the filename SCVhost.exe, which is becoming more common. Just a spelling trick to ward off suspicion.
EDIT - forgot to add a link - What is SVCHOST
--
BBr| UT Clan Admin
..."We don't see things as they are; we see things as we are"
[text was edited by author 2002-10-20 21:11:30] |
|
kayfam
join:2002-02-27
Erie, PA
| reply to cantfoolme
cantfoolme,
Sorry about the typo, but I did post the direct link to the Symantec article which I know is correct. As far as the svchost.exe, yes it is a legitimate system file and anyone who has opened their task manager will usually find several instances of it running. In this case it's one that has been modified to appear as a legitimate file. |
|
Manik D
join:2001-03-23
Brooklyn, NY | reply to kayfam
Thanks for the heads up. |
|
corster
Premium
join:2002-02-23
Ottawa, ON
clubs: | reply to kayfam
McAfee doesn't have protection against this virus |
|
