Worm.P2P.Togod Togod is an Internet worm spreading in the KaZaa peer-to-peer file sharing network. The worm replicates by copying itself into KaZaa shared folder. Togod is a Windows application (PE EXE file) about 100KB in size (compressed by UPX, the decompressed size is about 175KB), written in Delphi. The worm copies itself to the KaZaa directory using the following names: borland delphi 6 enterprise.exe paltalk crack.exe paltalk.exe visual basics .NET.exe visual basics 6.exe visual c++.exe c++ compiler.exe anal whore getting it from 2 guys in the ass.gif.exe blond slut gets in every hole.gif.exe porno slideshow.gif.exe Star wars episode 2.mpg.exe Britney spears naked.gif.exe Windows XP Pro with cd key.exe Windows xp cd key keygen.exe borland software keygen.exe microsoft apps keygen.exe kiddie porn 9 year old.gif.exe kiddie porn 14 year old.gif.exe Adobe photoshop 7.exe Adobe Photoshop 6.exe Macromedia Flash 6 MX.exe The Matrix Reloaded MOVIE.exe counter strike.exe half life with cd key.exe counter strike cd key.exe command and conquer renegade keygen.exe password cracker.exe hotmail password stealer.exe aol password stealer.exe CloneCD.exe CloneCD Keygen.exe Conceal PC Firewall.exe Credit Card Generator.exe Adult Password Generator.exe DSL Uncapper.exe hacking tools 2002.exe Ghost Recon.exe ICQ hack.exe lesians *******.mpeg.exe Macromedia Flash MX.exe Macromedia Flash 5.exe Kazaa advertisement remover.exe Kazaa ad remover.exe Max Payne Full iso.exe Max Payne.exe Microsoft Visual C++ 7.0 iso.exe norton antivirus 2002.exe Nero cd burning 5.5 full.exe Microsoft Office XP Professional full.exe X Box Xbox emulator.exe Quake 4 beta.exe Norton firewall 2002.exe Blackice firewall.exe Return To Castle wolfenstein iso.exe Soldier Of Fortune 2 full iso.exe Star wars episode 2 attack of the clones.exe Warcraft 3 full iso.exe Warez finder (download and verify).exe XXX password stealer.exe ZoneAlarm pro firewall.exe AOL password stealer.exe Hotmail password stealer.exe Yahoo password stealer.exe xxx-playboy.exe.jpg xxx site password stealer.exe hackers hand book.exe The Togod worm then displays a fake error message: Error Error loading RCDATA The worm also creates a randomly named EXE file in the Windows directory where it writes the code for "Backdoor.Lithium" and executes it. Togod also contains the text: Hello to all the av's i hope to god norton doesnt detect this first... that would be sad. Hell yeah kaspersky! For more details please visit the Kaspersky Virus Encyclopedia at: http://www.viruslist.com/eng/viruslist.html?id=57997