W32/Backzat-K

Discussion in 'malware problems & news' started by FanJ, Jun 11, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    W32/Backzat-K
    Aliases : I-Worm.BatzBack.i, WORM_BACKZAT.A

    Type : Win32 worm

    Description
    W32/Backzat-K spreads via mIRC, AIM95 and the KaZaA file-sharing network.

    Upon execution the worm copies itself as BatzBack.scr to the Windows and Windows System folders and sets the following registry entry with the path to
    the copy in the Windows folder:

    HKLM\Software\Microsoft\Windows\Current Version\Run\BatzBack

    To spread through the KaZaA file-sharing network and AIM95 the worm attempts to copy itself as EnimEmSpearsBritney.scr and BuddyShare.exe to the KaZaA shared folder and Program Files\AIM95 respectively.

    To spread through IRC the worm modifies or creates script.ini so that Batzback.scr is sent to other users who join the current channel.

    http://www.sophos.com/virusinfo/analyses/w32backzatk.html
     
  2. FanJ

    FanJ Guest

  3. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
Thread Status:
Not open for further replies.