K0wbot
Type: Peer-to-Peer file sharing virus
Description: According to BitDefender, K0wbot creates a copy of itself, named EXPLORER32.EXE, in the C:\Windows\System subfolder. K0wbot modifies the registry, adding the value 'EXPLORER32.EXE' to the following registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
This allows the worm to load upon Windows startup. The K0wbot worm also enables sharing of KaZaA files (assuming it has been disabled) and copies itself to the KaZaA shared folder using names of various software, movie, and music titles.
Though the original K0wbot does not have a malicious payload, the worm does include the ability to self-update and provides remote access via the IRC network.
Aliases: Backdoor.K0wbot, kwbot, W32.Kwbot.Worm
Systems Affected: Windows systems using the KaZaA network.
Payload: Creates file share on affected users' drives; contains remote access capabilities
ITW: Yes
Origin:
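A defender-side check for the autostart entries described above, added here as an example and not taken from BitDefender or the original entry: it scans the text of a `.reg` export for Run and RunServices values that reference EXPLORER32.EXE. The export text and value names are constructed; the entry does not say whether EXPLORER32.EXE is the value name or its data, so both are checked.

```python
import re
# Autostart keys named in the entry, lower-cased for case-insensitive comparison.
AUTOSTART_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
}
MARKER = "explorer32.exe"  # file name given in the entry

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def find_k0wbot_autostart(reg_text):
    """Return (key, value name, data) for each autostart entry referencing MARKER."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE.match(line)
        if not m or key is None or key.lower() not in AUTOSTART_KEYS:
            continue
        name, data = unescape(m.group("name")), unescape(m.group("data"))
        # Match on name or data; the legitimate explorer.exe does not contain MARKER.
        if MARKER in name.lower() or MARKER in data.lower():
            hits.append((key, name, data))
    return hits

# Constructed sample export (not captured from an infected machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Shell"="C:\\Windows\\explorer.exe"
"ConstructedEntry"="EXPLORER32.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ConstructedEntry"="C:\\Windows\\System\\explorer32.exe"

[HKEY_LOCAL_MACHINE\Software\Example\Settings]
"LastOpened"="C:\\Temp\\EXPLORER32.EXE"
'''

if __name__ == "__main__":
    for key, name, data in find_k0wbot_autostart(SAMPLE_EXPORT):
        print(f"{key}: {name!r} -> {data!r}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file before passing its text to the function.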

