Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Its Creator Says Kazaa Benjamin Worm Means Well

From: InfoSec News <isn () c4i org>
Date: Tue, 21 May 2002 04:29:45 -0500 (CDT)
http://www.newsbytes.com/news/02/176684.html

By Brian McWilliams, Newsbytes
MUNICH, GERMANY
20 May 2002, 2:20 PM CST
 
The creators of a new worm that targets users of the Kazaa
file-trading network say they released the code to frustrate Internet
users searching for pirated software and child pornography.

Anti-virus software vendors have issued warnings that the so-called
"Benjamin worm" is being unintentionally propagated among Kazaa users
who download any of dozens of executable programs and screen savers
that have been infected with the malicious code.
 
According to one of its developers, Paul Komoszki, Benjamin is a
"controlled test" of a program designed to disrupt the illegal
exchange of copyrighted data and child porn over peer-to-peer
networks.

"We do not want to affect the exchange of legal programs and legal
music files. Only users who are looking for and sharing copyrighted
files could be infected," said Komoszki in an e-mail interview today.

Once it infects a Kazaa user's computer, Benjamin creates numerous
copies of itself under file names that may be of interest to other
Kazaa users, according to anti-virus firms. Examples include
borlanddelphi-full-downloader.exe and Braveheart-Special
Edition-divx.exe, according to Kaspersky Labs.

"After a few months it could be that there are more Benjamin files in
p2p networks than warez files ... Within a few days Benjamin has
spread very far in these illegal networks," said Komoszki.

After creating a special directory on a victim's computer and filling
it with infected files, Benjamin contacts a Web site in Germany to
display a pop-up advertisement, Kaspersky said.

The site, operated by Komoszki, has been disabled "due to massive
abuse" according to a message at the page today.

According to Komoszki, the pop-up was intended to generate income for
the malicious program's creators and to fund the "advancement" of
future versions of the software.

Kazaa representatives did not respond to requests for information.

Kazaa users can protect themselves from executable programs that
contain Trojan horses by specifying that file types such as exe, scr,
and vbs be excluded from their search requests.

Kaspersky's write-up on Worm.Kazaa.Benjamin is at
http://www.viruslist.com/eng/viruslist.html?idI790



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: