off topic: virii & boojums & worms, oh my!

[terapin]

Sure, like everybody else I always check conspicuous d/ls, but yesterday one got past me. My system became infected with benjamin.worm.a. For those in the know, my question is simple:
This worm is specific to environments that have KaaZaa installed, but I do not, nor have I ever used KaaZaa. Is DC++ (ver 0.24) similar enough that it passes as KaaZaa-like, allowing the worm to spread, or is the worm stuck in a bottle from which there is no escape? (Technically, I suppose the question is does the worm link its' nest (system32) to the DC++ shares?)

one dumb dork = one infected hub

[Charalambos]

On Symantec Page you can find lots of info about the worm.

NOTE: For W32.Benjamin.Worm to spread, it requires that the KaZaA software be installed on the computer

So you see, you need to have kazaa installed to give it the possibility to spread.
But once you have the worm on your system, you have to get rid of it, for it has its effect without kazaa installed (needs kazaa only to spread).

Read through the page, you'll find interesting info about what it does.

There is also a section about "removal instructions", so you can get rid of it.

Godd luck.

[Charalambos]

This worm is specific to environments that have KaaZaa installed, but I do not, nor have I ever used KaaZaa.

The worm creates the C:\%Windows%\Temp\Sys32 folder. It then changes the KaZaA download folder settings so that this new folder is accessible to other KazaA network users. This allows other KaZaA users to download files from that location

If someone doesnt watch out while he has got this worm in his shares and someone downloads it then...

[rancidmilk2go]

Well about a month ago I installed what could be described as a Spyware Bundle from K-Lite


It was Zipped, and had an installer (thinking it was Red aLert II ) It installed every spyware program out there. Spybot found like 7 Dialers and Trojan's (Cydoor, ~2, Track IT). Annoying, needless to say