The Web    Google
6/7: Spybot-BZ Copies Itself to Folder

6/7: Spybot-BZ Copies Itself to Folder
June 7, 2004

W32/Spybot-BZ attempts to copy itself to CRCSSV.EXE in the Windows system folder. It creates entries in the registry at the following locations to run itself on system restart:


W32/Spybot-BZ copies itself to a folder called BACKUPS in the Windows system folder with the following filenames:


W32/Spybot-BZ then sets the following registry entry to enable sharing of these files with KaZaA:


More information is at Sophos page.

  • Understanding and Preventing DDoS Attacks
  • 9/22: Rbot-KJ Worm Has Backdoor
  • Disaster Recovery Still Just an IT Responsibility
  • 5/11: Rbot-ACH Worm Spreads Via Shares
  • 6/14: Spybot-CO Spreads via KaZaA Network
  • 9/20: Mydoom-Y Worm Connects To URL
  • Linux Privilege Escalation Hole Detected
  • AntiOnline Security Spotlight: IDS with an Open Source Twist
  • IT Budget Woes Hampering Real-Time Responsiveness
  • 9/16: Evaman-D Worm Kills Active Processes
  • 8/20: Rbot-GS Exploits Vulnerabilities
  • Home Security Camera Background