KaZaa users warned of p2p worm

Researchers are warning peer-to-peer (p2p) application users of a new proof-of-concept virus that acts similarly to the W97M/Melissa malware.

The virus, MSH/Cibyz, which is based on Windows PowerShell, was released by members of the RRLF virus group, according to an advisory from McAfee.

PowerShell is a command line shell and scripting language that runs on Microsoft XP, Windows Server 2003, Vista and Longhorn operating systems.

The malware is a low risk to home and corporate users, according to a McAfee advisory. However, it can create a copy of itself in the Windows system directory and then modify registry keys so users cannot view hidden files and extensions.

The virus also randomly sets Internet Explorer's start page and propagates by dropping a copy of itself in Shared KaZaa folders, according to an advisory in McAfee's Threat Center.

Microsoft confirmed the existence of the PoC worm on Saturday in a posting on its Most Valuable Professional website.

FaceTime Communications also released an advisory for the worm this week. A company representative declined to comment on the malware.

Ron O'Brien, senior security analyst at Sophos, said today that malware attacking applications like KaZaa is something his company is "seeing more and more."

"I think this is making KaZaa a potentially unwanted application," he said. "Once you open up that peer-to-peer tunnel, anything can come through."
