The Web    Google
6/14: Spybot-CO Spreads via KaZaA Network

6/14: Spybot-CO Spreads via KaZaA Network
June 14, 2004

W32/Spybot-CO is a P2P worm that spreads via the KaZaA file sharing network. In order to be run automatically on system startup, the worm copies itself to a file named AUGMSG.EXE in the Windows system folder and sets the following registry entries to point to this file.

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ augmsg=AUGMSG.EXE

The worm creates the folder %system%\kazaabackupfiles and copies itself there using certain file names. View them and other information at Sophos page.

  • MFPs ?An Overlooked Security Risk
  • Santy-A Worm Raises Fears Over New Trend
  • New Tool Helps Ensure Users Employ Strong Passwords
  • 12/30: Troj/Agent-FO Downloads Files
  • InstaGate SCM Offers Integrated Secure Content Management
  • 6/14: Sober-H Emails Messages in German
  • The Sober Virus Returns
  • Gates Sends Letter on Spam to Congress
  • Plenty of IM Security Holes Left to Plug
  • Netsky-C Hammers U.S. and U.K.
  • 12/28: W97M.Dinela a Macro Virus
  • Home Security Camera Background