New worm on Kazaa

A new worm has been spotted on Kazaa. The virus was NOT found as a small suspicious executable, fake file, etc., but was attached to genuine programs and their installers (which are not SFX archives, making the user unable to unpack them on his own – the installer has to be executed, which activates the virus code, too). The programs install correctly and everything seems fine, but additionally, in the process, the virus is also discreetly “dropped” on the system.

It’s designed to do a variant of the old scam of generating fake banner clicks. It installs itself as mprexe64.exe and mprexe32.exe in your SYSTEM directory. It’s currently detected by Bitdefender.com and should be added to Kaspersky Antivirus today. A description of the virus from KAV Labs states that “Trojan Mprexe32.exe connects to the URL miniwish.com/missions, reads URLs from
the link and (…) increases access counters on these pages.”

That URL seems dead at this moment. It’s interesting to see that the website belongs to a supposedly legitimate company.

Related Posts

1. Duload Worm spreads through KaZaA network
2. New worm/Trojan: Kazoa.C Spreading fast thourgh Kazaa and IRC
3. KaZaa users warned of p2p worm
4. KWBot worm hits KaZaA
5. Mac and Linux viruses to rise ’significantly’