Lolol is a worm virus spreading via the Kazaa file sharing network.
The worm has a powerful backdoor routine which connects to an IRC channel where it accepts commands from its "master" (person controlling the worm).
The worm itself is a Windows PE EXE file about 60KB in length, written in Microsoft Visual C++.
When the infected file is run, an installation routine is executed.
Installation
While installing, the worm copies itself to the Windows system directory under the name "syscfg32.exe" and registers this file in two system registry auto-run keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Configuration Loader = syscfg32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Configuration Loader = syscfg32.exe
Spreading
The "Lolol" worm copies itself to the following directories:
C:\program files\kazaa\my shared folder\
C:\program files\kazaa lite\my shared folder
C:\My Downloads\
The following are names that "Lolol" copies itself under:
play station emulator crack.exe
play station emulator.exe
warcraft 3 serials.pif
warcraft 3 crack.exe
100 free essays school.pif
aol password cracker.exe
aim password cracker
aol cracker.exe
aim cracker.exe
steal usernames.exe
how to hack.exe
divx pro.exe
how to use a shell.pif
Virtua Girl (Full).exe
worldbook.exe
GTA 3 Serial.exe
GTA 3 Crack.exe
gta3.exe
driver.exe
virtua girl - adriana.pif
virtua girl - bailey short skirt.pif
...etc. (there are about 80 different names in total).
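A defender-side check built from the indicators in the Installation and Spreading sections, as an added example that is not part of the original description: it parses "reg query" output for the auto-run value and groups executables in the shared folders by size, since the worm's copies are one file under many names. The function names, the sample data, the size-based grouping and the min_copies threshold are assumptions made for the illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the description above (lower-cased for comparison).
BASE = r"hklm\software\microsoft\windows\currentversion"
AUTORUN_KEYS = {BASE + r"\run", BASE + r"\runservices"}
VALUE_NAME, DROPPED_NAME = "configuration loader", "syscfg32.exe"
SHARE_DIRS = {r"c:\program files\kazaa\my shared folder",
              r"c:\program files\kazaa lite\my shared folder",
              r"c:\my downloads"}
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")  # "  name  TYPE  data"

def autorun_hits(reg_query_text):
    """Return (key, value name, data) for autorun values matching the worm's entry."""
    hits, key = [], ""
    for line in reg_query_text.splitlines():
        m = VALUE_RE.match(line)
        if m is None:
            if line and not line[0].isspace():  # unindented line = key header
                key = re.sub(r"^hkey_local_machine", "hklm", line.strip().lower())
            continue
        name, _type, data = m.groups()
        if key in AUTORUN_KEYS and (name.lower() == VALUE_NAME
                                    or DROPPED_NAME in data.lower()):
            hits.append((key, name, data))
    return hits

def identical_copies(listing, min_copies=3):
    """Group .exe/.pif files in the share folders by size; worm copies are identical."""
    by_size = {}
    for path, size in listing:
        p = PureWindowsPath(path.lower())
        if str(p.parent) in SHARE_DIRS and p.suffix in {".exe", ".pif"}:
            by_size.setdefault(size, []).append(p.name)
    return {s: sorted(n) for s, n in by_size.items() if len(n) >= min_copies}

# Constructed sample input, not captured from a real host.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Configuration Loader    REG_SZ    syscfg32.exe
    ExampleTray    REG_SZ    C:\Program Files\Example\tray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    Configuration Loader    REG_SZ    syscfg32.exe
"""
SAMPLE_FILES = [
    (r"C:\Program Files\Kazaa\My Shared Folder\gta3.exe", 61440),
    (r"C:\Program Files\Kazaa\My Shared Folder\divx pro.exe", 61440),
    (r"C:\Program Files\Kazaa\My Shared Folder\how to use a shell.pif", 61440),
    (r"C:\Program Files\Kazaa\My Shared Folder\holiday video.exe", 204800),
]
```

On a real host, group by file hash rather than size; size stands in for it here so the sample runs without files on disk.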
