Win32/Zaka [Threat Name]

Win32/Zaka.L [Threat Variant Name]

Category worm
Size 40960 B
Detection created Sep 16, 2002
Signature database version 1305
Aliases P2P-Worm.Win32.Zaka.l (Kaspersky)
  W32.HLLW.Kazkaz (Symantec)

Short description

Win32/Zaka.L is a worm that spreads via P2P networks.

Installation

When executed, the worm copies itself to the following locations:

  • %windir%\sendto\Kazaa.exe
  • %windir%\all users\start menu\programs\startup\Kazaa.e

This causes the worm to be executed on every system start.

Spreading

The worm copies itself into the root folders of the C:\ - Z:\ drives using the following name:

  • Kakaaa.exe

Spreading via P2P networks

The worm searches for shared folders of the following programs:

  • Kazaa

It tries to place a copy of itself into the folders.


The following names are used:

  • KazaKazaa NewsonKazaa.pif
  • Norton KazaaKazaa_full_Setup.exe
  • New_Kazaa_For_You!.exe
  • All_about_Kazaa.exe
  • Kazaa_Spanishexe.exe
  • Kazaa_ENGSTP.exe
  • Very_Warez_KazaaKazaa!!.exe
  • Kaza.exe
  • New_Kazaa_eng.exe
  • NewKazaa.exe

Other information

The worm may display the following message:

  • Error?????????????

The worm may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    • "%filename%" = "%filepath%"

A string with variable content is used in place of %filename% and %filepath%.
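
A triage check built from the file names, locations and size listed above, added here as an example and not part of the original description: it classifies paths from a file listing and reports why each one matches. The function names, the `windir` default and the sample listing are assumptions constructed for illustration; lure names are flagged in any folder because the description does not give the Kazaa shared-folder path.

```python
from pathlib import PureWindowsPath

ROOT_DROP = "kakaaa.exe"  # name used in drive roots
P2P_NAMES = {n.lower() for n in (  # names used in Kazaa shared folders
    "KazaKazaa NewsonKazaa.pif", "Norton KazaaKazaa_full_Setup.exe",
    "New_Kazaa_For_You!.exe", "All_about_Kazaa.exe", "Kazaa_Spanishexe.exe",
    "Kazaa_ENGSTP.exe", "Very_Warez_KazaaKazaa!!.exe", "Kaza.exe",
    "New_Kazaa_eng.exe", "NewKazaa.exe")}
SIZE = 40960  # bytes, from the Size field

def classify(path, size=None, windir=r"C:\Windows"):
    """Return the reasons a path matches the description (empty if none)."""
    p, win = PureWindowsPath(path), PureWindowsPath(windir)
    name, reasons = p.name.lower(), []
    # PureWindowsPath compares case-insensitively, as Windows does.
    if p.parent == win / "sendto" and name == "kazaa.exe":
        reasons.append("install copy in sendto")
    # The second install path is cut off at "Kazaa.e" in the description,
    # so only that prefix is matched.
    startup = win / "all users" / "start menu" / "programs" / "startup"
    if p.parent == startup and name.startswith("kazaa.e"):
        reasons.append("install copy in startup")
    # Directly in the root of drives C: through Z: only.
    in_root = bool(p.root) and str(p.parent) == p.anchor
    if name == ROOT_DROP and in_root and "C" <= p.drive[:1].upper() <= "Z":
        reasons.append("drive-root copy")
    if name in P2P_NAMES:  # assumption: flagged in any folder
        reasons.append("P2P lure name")
    if reasons and size == SIZE:
        reasons.append("size matches")
    return reasons

def scan(listing, windir=r"C:\Windows"):
    """Map each matching path in (path, size) pairs to its reasons."""
    hits = {p: classify(p, s, windir) for p, s in listing}
    return {p: r for p, r in hits.items() if r}

SAMPLE = [  # constructed listing: (path, size in bytes)
    (r"D:\Kakaaa.exe", 40960),
    (r"C:\Users\a\Downloads\kakaaa.exe", 40960),  # not a drive root
    (r"C:\WINDOWS\SendTo\Kazaa.exe", 40960),
    (r"C:\Windows\All Users\Start Menu\Programs\Startup\Kazaa.e", 40960),
    (r"C:\My Shared Folder\new_kazaa_eng.EXE", 40960),
    (r"C:\Program Files\Kazaa\Kazaa.exe", 1482752),  # unrelated location
    (r"A:\Kakaaa.exe", 40960),  # outside C: to Z:
]

if __name__ == "__main__":
    for path, why in scan(SAMPLE).items():
        print(path, "->", ", ".join(why))
```

The Run entry is not covered because its value name and path are variable strings, so there is no fixed name to match.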
