Kazaa Benjamin Worm Means Well?

Discussion in 'other security issues & news' started by Technodrome, May 21, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Feb 13, 2002
    New York
    The creators of a new worm that targets users of the Kazaa file-trading network say they released the code to frustrate Internet users searching for pirated software and child pornography.
    Anti-virus software vendors have issued warnings that the so-called "Benjamin worm" is being unintentionally propagated among Kazaa users who download any of dozens of executable programs and screen savers that have been infected with the malicious code.

    According to one of its developers, Paul Komoszki, Benjamin is a "controlled test" of a program designed to disrupt the illegal exchange of copyrighted data and child porn over peer-to-peer networks.

    "We do not want to affect the exchange of legal programs and legal music files. Only users who are looking for and sharing copyrighted files could be infected," said Komoszki in an e-mail interview today.

    Once it infects a Kazaa user's computer, Benjamin creates numerous copies of itself under file names that may be of interest to other Kazaa users, according to anti-virus firms. Examples include borlanddelphi-full-downloader.exe and Braveheart-Special Edition-divx.exe, according to Kaspersky Labs.

    "After a few months it could be that there are more Benjamin files in p2p networks than warez files ... Within a few days Benjamin has spread very far in these illegal networks," said Komoszki.

    After creating a special directory on a victim's computer and filling it with infected files, Benjamin contacts a Web site in Germany to display a pop-up advertisement, Kaspersky said.

    The site, operated by Komoszki, has been disabled "due to massive abuse" according to a message at the page today.

    According to Komoszki, the pop-up was intended to generate income for the malicious program's creators and to fund the "advancement" of future versions of the software.

    Kazaa representatives did not respond to requests for information.

    Kazaa users can protect themselves from executable programs that contain Trojan horses by specifying that file types such as exe, scr, and vbs be excluded from their search requests.

    Kaspersky's write-up on Worm.Kazaa.Benjamin is at http://www.viruslist.com/eng/viruslist.html?idI790 .

    Reported by Newsbytes, http://www.newsbytes.com
