Win32/Zaka [Threat Name] go to Threat

Win32/Zaka.N [Threat Variant Name]

Category worm
Size 40960 B
Detection created Dec 11, 2002
Signature database version 1335
Aliases P2P-Worm.Win32.Zaka.n (Kaspersky)
  W32.HLLW.Icasur (Symantec)
  W32/Zaka.worm.gen!p2p (McAfee)
Short description

Win32/Zaka.N is a worm that spreads via P2P networks.

Installation

When executed the worm copies itself in the following locations:

  • %windir%\­sendto\­Kilme.exe
  • %windir%\­all users\­start menu\­programs\­startup\­Killl.e

This causes the worm to be executed on every system start.

Spreading

The worm copies itself into the root folders of the C:\ - Z:\ drives using the following name:

  • Killme.exe
Spreading via P2P networks

Win32/Zaka.N is a worm that spreads via P2P networks.


The worm searches for shared folders of the following programs:

  • Kazaa

It tries to place a copy of itself into the folders.


The following names are used:

  • Kaboomall Openthisone.exe
  • Kazaaa Kaboon_new_version_en.exe
  • My_Sister_Naked!!!.exe
  • Naked_teen_new!.exe
  • ry_teen_girl_new.exe
  • Cool_sexys!!.exe
  • Porn_Teens_noy_censured.exe
  • Kaza.exe
  • XXX_teen_Girl.exe
  • Killall!.exe
Other information

The worm may display the following message:

  • Error?????????????

The worm may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%filename%" = "%filepath%"

A string with variable content is used instead of %filename%, %filepath% .

Please enable Javascript to ensure correct displaying of this content and refresh this page.