http://www.newsbytes.com/news/02/176684.html By Brian McWilliams, Newsbytes MUNICH, GERMANY 20 May 2002, 2:20 PM CST The creators of a new worm that targets users of the Kazaa file-trading network say they released the code to frustrate Internet users searching for pirated software and child pornography. Anti-virus software vendors have issued warnings that the so-called "Benjamin worm" is being unintentionally propagated among Kazaa users who download any of dozens of executable programs and screen savers that have been infected with the malicious code. According to one of its developers, Paul Komoszki, Benjamin is a "controlled test" of a program designed to disrupt the illegal exchange of copyrighted data and child porn over peer-to-peer networks. "We do not want to affect the exchange of legal programs and legal music files. Only users who are looking for and sharing copyrighted files could be infected," said Komoszki in an e-mail interview today. Once it infects a Kazaa user's computer, Benjamin creates numerous copies of itself under file names that may be of interest to other Kazaa users, according to anti-virus firms. Examples include borlanddelphi-full-downloader.exe and Braveheart-Special Edition-divx.exe, according to Kaspersky Labs. "After a few months it could be that there are more Benjamin files in p2p networks than warez files ... Within a few days Benjamin has spread very far in these illegal networks," said Komoszki. After creating a special directory on a victim's computer and filling it with infected files, Benjamin contacts a Web site in Germany to display a pop-up advertisement, Kaspersky said. The site, operated by Komoszki, has been disabled "due to massive abuse" according to a message at the page today. According to Komoszki, the pop-up was intended to generate income for the malicious program's creators and to fund the "advancement" of future versions of the software. Kazaa representatives did not respond to requests for information. Kazaa users can protect themselves from executable programs that contain Trojan horses by specifying that file types such as exe, scr, and vbs be excluded from their search requests. Kaspersky's write-up on Worm.Kazaa.Benjamin is at http://www.viruslist.com/eng/viruslist.html?idI790 - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue May 21 2002 - 05:04:09 PDT