Kowbot worm targets Kazaa network

"By James Middleton [01-07-2002]

Virus masquarades as appealing media files

Users of the Kazaa file-sharing network were today warned about the second virus in as many months to infect users.

The virus, known as the Kowbot worm, is able to take control of the victim's computer as well as update itself automatically and send information out from the host machine. It can also be used as a remote control internet relay chat (IRC) bot and to attack IRC chat servers."

Rest of article here: http://www.vnunet.com/News/1133129 . Pete

 

I've had over 60 hits to my Port #1214 since 22:51 from the Kazaa Service, various Intruder IP's. And, what's really strange is the Local IP is not mine! I suppose it's on my LAN. I shall report to my ISP and I have already sent this data to Dshield. My ZA is lit up like a Xmas tree! The time is now 23:22!

 

Hello,

This has nothing to do with the new worm and that's not really "intruders".
If your are a user o kazaa or if your IP was formerly used by someone using kazaa, simply other PC ping this address to see whether it's still available for
d/l. I happened to get hundreds of probes a day on port 1214 or gnutella port 6346 or 5631 default port PCAnywhere

Just change you dynamic IP and you will be quiet (unless you get one also use by a kazaa user )

As for the address being not one of yours, how could ZA warn if not one of the interfaces of the PC he is protecting ?

You may easily know your IP's : IPCONFIG /ALL (Win2k ir XP)
or winipcfg (Win95/98/Me)

Rgds,

JacK

 

I had the same IPs for along time and never used those networks. I haven't had a single proble on those ports. All SQL server, Sub7, ftp, and a few other straglers

 

JacK is right (of course)

I used KaZaa before the record companies hired some viruswriters ( I'm joking, obviously) and do get about 40 of these checks on port 1214 every evening.

Prince_Serendip, you must have some interesting stuff to d/l

Regards,

Pieter

 

For those looking for a removal tool: http://php.zdnet.de/download/showprg-wc.php3?id=de0DP1

[EDIT] Bitdefender has added a tool to their collection as well:
http://www.bitdefender.com/html/free_tools.php [/EDIT]

Regards,

Pieter

 

Thanks for the reassurances! I got very excited because I have NEVER had probes from the Kazaa Service before. And also, never have I had an alternate Local IP come up before! I will check my IP cfg. What's really bizarre is this all started after I read this posting last night. Weird!

(At the time, I couldn't check on it because I had to leave right away.) I informed my ISP about the different IP showing up on the ZA reading. They said they'd check from their end. I do not use Kazaa. Never have, not ever!

 

I used winipcfg in the Run Command. My Local IP is set to 0.0.0.0 These are default settings of my ISP's DSL Program. Can I or should I enter my actual IP? Something else? I can also check this with my ISP. What do you think?

I checked this through at Dshield, and you're right. It's of Low Danger/Priority (green). (This whole thing is about my learning more a little at a time! This is good. Thanks for the patience.)