Aliases: Win32.Benjamin.a, Worm/Kazaa, W32/Kazoa , WORM_BENJAMIN.A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Asia, North and South America and Europe
Removal: Easy
Platform: W32
Discovered: 16 May 2002
Damage: High

Characteristics: The Worm.Benjamin.A application is a worm that creates itself through the use of Peer to Peer (P2P) network which allows exchanging files using the Kazaa software. This is written in Borland Delphi. Its first appearance was on May 16, 2002. It is 216 kilobytes in size and its data can increase 2-3 times.

More details about W32.Benjamin.Worm

Worm programs have the capability of spreading themselves. Once they have entered a computer, they will proceed to using installed programs to infect others. The applications often use the user’s instant messaging and e-mail accounts to send copies of itself. This program may also drop copies in a folder shared via a P2P (peer-to-peer) program already installed on the system. These copies are often disguised as popular downloads so that others will download them. Infected files may also be placed in resources shared via a LAN (Local Access Network) connection. The Worm.Benjamin.A application is considered to have a low-profiled risk since it is not spread widely. This virus easily spreads if the Kazaa P2P software is installed. It disguises as music or movie software files which copies itself to the % WinDir% \SYSTEM or C:\%Windows%\Temp\Sys32 directory under many names or titles.

More than 2000 titles are used to replicate the worm in the system. The settings will then change into Kazaa download which allows other Kazaa users to download files. After downloading, it shows a false report message that says "Error Access error #03A:94574: Invalid pointer operation File possibly corrupted". Then, it begins the spread of the virus. Once the user downloads files or runs the error program, the worm immediately propagates. Then, the virus launches the website Benjamin.xww.de, which is the indication that the computer system is already infected. It affects popular Operating System platforms like the Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP.