KaZaa users warned of p2p worm

Share this article:

Researchers are warning peer-to-peer (p2p) application users of a new proof-of-concept virus that acts similarly to the W97M/Melissa malware.

The virus, MSH/Cibyz, which is based on Windows PowerShell, was released by members of the RRLF virus group, according to an advisory from McAfee.

PowerShell is a command line shell and scripting language that runs on Microsoft XP, Windows Server 2003, Vista and Longhorn operating systems.

The malware is a low risk to home and corporate users, according to a McAfee advisory. However, it can create a copy of itself in the Windows system directory and then modifies registry keys so users cannot view hidden files and extensions.

The virus also randomly sets Internet Explorer's start page and propagates by dropping a copy of itself in Shared KaZaa folders, according to an advisory in McAfee's Threat Center.

Microsoft confirmed in the existence of the PoC worm on Saturday by a posting on its Most Valuable Professional website.

FaceTime Communications also released an advisory for the worm this week. A company representative declined comment on the malware.

Ron O'Brien, senior security analyst at Sophos, said today that malware attacking applications like KaZaa are something his company is "seeing more and more."

"I think this is making KaZaa a potentially unwanted application," he said. "Once you open up that peer-to-peer tunnel, anything can come through."

Share this article:

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.