Hi,

Worms using P2P networks to propagate have one big problem: they are
usually masquerading as software, key generators, or cracks, but have
hard-coded file names, which means that once the software's new version is
out, the malware will be picked up less frequently.

The author of WORM_PITUPI.K (discovered by Trend Micro
<http://blog.trendmicro.com/pirate-worm-sails-the-p2p-bay/>)
has found a way around that. The worm connects to Pirate Bay every time it's
executed, and uses the names of new software. It also drops copies of itself in
folders used in peer-to-peer networks, using file names of the most popular
software and games. Sometimes the number of copies created upon every
execution can reach 200. In time, the worm and its copies can occupy a
considerable share of the system's drives.

Its distribution potential is quite high. It propagates via P2P networks
and removable drives - alongside a copy of itself, it also drops an
*AUTORUN.INF* file so that every time the drives are used the copy of the
worm is automatically executed.

The worm has - so far - not shown any destructive tendencies. However, its
source code is available on various underground forums, so the possibility
of it being modified to drop other malware or to open backdoors into the
system can't be disregarded.

 <zeljka.zorz%28at%29net-security.org>
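
A defensive check for the two behaviours described above, added here as an example that is not part of the original message or of Trend Micro's analysis: it flags one executable stored under many different names in a P2P shared folder, and lists what an AUTORUN.INF in a drive root would launch. The extension list and the threshold of 5 copies are assumptions.

```python
import hashlib
import os
from collections import defaultdict

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}  # assumption: extensions worth hashing


def sha256_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_clone_groups(share_dir, min_copies=5):
    """Return {sha256: [names]} for identical executables kept under many different names."""
    groups = defaultdict(list)
    for root, _dirs, files in os.walk(share_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue
            try:
                groups[sha256_of(os.path.join(root, name))].append(name)
            except OSError:
                continue  # unreadable or locked file: skip it, keep scanning
    return {h: sorted(n) for h, n in groups.items() if len(set(n)) >= min_copies}


def autorun_targets(drive_root):
    """Return the commands an AUTORUN.INF in drive_root would run (open=, shellexecute=, shell\\..\\command=)."""
    targets = []
    for entry in os.listdir(drive_root):
        if entry.lower() != "autorun.inf":
            continue
        with open(os.path.join(drive_root, entry), "r", errors="replace") as fh:
            for line in fh:
                key, sep, value = line.partition("=")
                key = key.strip().lower()
                if sep and (key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command"))):
                    targets.append(value.strip())
    return targets


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # pass a shared folder or a removable drive root
        print(path, find_clone_groups(path), autorun_targets(path))
```

A clone group is a triage lead only: the file names are whatever the shared folder contains, so confirm with an antivirus scan of the flagged hash.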
