KaZaa users warned of p2p worm

Researchers are warning peer-to-peer (p2p) application users of a new proof-of-concept virus that acts similarly to the W97M/Melissa malware.

The virus, MSH/Cibyz, which is based on Windows PowerShell, was released by members of the RRLF virus group, according to an advisory from McAfee.

PowerShell is a command line shell and scripting language that runs on Microsoft XP, Windows Server 2003, Vista and Longhorn operating systems.

The malware is a low risk to home and corporate users, according to a McAfee advisory. However, it can create a copy of itself in the Windows system directory and then modifies registry keys so users cannot view hidden files and extensions.

The virus also randomly sets Internet Explorer's start page and propagates by dropping a copy of itself in Shared KaZaa folders, according to an advisory in McAfee's Threat Center.

Microsoft confirmed in the existence of the PoC worm on Saturday by a posting on its Most Valuable Professional website.

FaceTime Communications also released an advisory for the worm this week. A company representative declined comment on the malware.

Ron O'Brien, senior security analyst at Sophos, said today that malware attacking applications like KaZaa are something his company is "seeing more and more."

"I think this is making KaZaa a potentially unwanted application," he said. "Once you open up that peer-to-peer tunnel, anything can come through."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.