Win32/Zaka [Threat Name]
Win32/Zaka.N [Threat Variant Name]
Category | worm |
Size | 40960 B |
Aliases | P2P-Worm.Win32.Zaka.n (Kaspersky) |
 | W32.HLLW.Icasur (Symantec) |
 | W32/Zaka.worm.gen!p2p (McAfee) |
Short description
Win32/Zaka.N is a worm that spreads via P2P networks.
Installation
When executed, the worm copies itself to the following locations:
- %windir%\sendto\Kilme.exe
- %windir%\all users\start menu\programs\startup\Killl.e
This causes the worm to be executed on every system start.
Spreading
The worm copies itself into the root folders of the C:\ - Z:\ drives using the following name:
- Killme.exe
Spreading via P2P networks
The worm searches for shared folders of the following programs:
- Kazaa
It tries to place a copy of itself into the folders.
The following names are used:
- Kaboomall Openthisone.exe
- Kazaaa Kaboon_new_version_en.exe
- My_Sister_Naked!!!.exe
- Naked_teen_new!.exe
- ry_teen_girl_new.exe
- Cool_sexys!!.exe
- Porn_Teens_noy_censured.exe
- Kaza.exe
- XXX_teen_Girl.exe
- Killall!.exe
Other information
The worm may display the following message:
- Error?????????????
The worm may set the following Registry entries:
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- "%filename%" = "%filepath%"
A string with variable content is used instead of %filename% and %filepath%.
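The file and registry artifacts listed above can be turned into a simple triage check. The following Python sketch is an added example, not part of the original description: it classifies paths from a file listing against the install locations, the drive-root copy and the P2P file names exactly as they are printed on this page, and flags Run values whose data points at one of them. The sample listing, the Run value name `qzx`, the default `C:\Windows` directory and the idea that the Run data points at a worm copy are assumptions made for illustration.

```python
import re

# Indicators copied verbatim from the description above; matching is case-insensitive.
INSTALL_PATHS = {
    r"%windir%\sendto\kilme.exe",
    r"%windir%\all users\start menu\programs\startup\killl.e",
}
P2P_NAMES = {n.lower() for n in (
    "Kaboomall Openthisone.exe", "Kazaaa Kaboon_new_version_en.exe",
    "My_Sister_Naked!!!.exe", "Naked_teen_new!.exe", "ry_teen_girl_new.exe",
    "Cool_sexys!!.exe", "Porn_Teens_noy_censured.exe", "Kaza.exe",
    "XXX_teen_Girl.exe", "Killall!.exe",
)}

def normalize(path, windir):
    """Lower-case, unify separators, and map the Windows directory to %windir%."""
    p = path.strip().strip('"').replace("/", "\\").lower()
    w = windir.lower().rstrip("\\")
    if p.startswith(w + "\\"):
        p = "%windir%" + p[len(w):]
    return p

def classify(path, windir=r"C:\Windows"):
    """Return the indicator type a path matches, or None."""
    p = normalize(path, windir)
    if p in INSTALL_PATHS:
        return "install-copy"
    if re.fullmatch(r"[c-z]:\\killme\.exe", p):   # only the root of C:\ - Z:\
        return "drive-root-copy"
    if p.rsplit("\\", 1)[-1] in P2P_NAMES:        # name match in any folder
        return "p2p-file-name"
    return None

def triage(files, run_values, windir=r"C:\Windows"):
    """Return ({path: indicator type}, [Run value names pointing at an indicator])."""
    hits = {f: kind for f in files if (kind := classify(f, windir))}
    # Assumption: the variable Run value's data is the path of a worm copy.
    run_hits = [name for name, data in run_values.items() if classify(data, windir)]
    return hits, run_hits

# Constructed sample input (not taken from a real system).
SAMPLE_FILES = [r"C:\WINDOWS\SendTo\Kilme.exe", r"D:\Killme.exe",
                r"C:\Shared\Kaza.exe", r"C:\temp\Killme.exe",
                r"C:\Users\a\Documents\report.docx"]
SAMPLE_RUN = {"qzx": r'"C:\Windows\sendto\Kilme.exe"',
              "Updater": r"C:\Program Files\App\update.exe"}

if __name__ == "__main__":
    print(triage(SAMPLE_FILES, SAMPLE_RUN))
```

A name-only match in an arbitrary folder is weaker evidence than a match on one of the install paths and should be confirmed by other means, such as the 40960 B file size given above.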