inssane and Marvin used our newssubmit to tell us that a worm uses the Kazaa file exchange P2P network to spread itself. The worm hides on the infected computers shared files and becomes active when downloaded and opened.
The worm masks itself so the downloader doesn't suspect it's downloading a virus. The worm opens a web-site to display an advertisement.
Error: Access error #03A : 94574: Invalid pointer operation File possibly corrupted.
The worm executes after system restarts.
Spreading can most likely only take place if the KaZaa P2P client (software) is installed. Benjamin reads the system registry for information on the Kasaa client and creates the
%WinDir%TempSys32 directory catalog that registers as the directory accessible to all KaZaa network users. It fills this directory with copies of itself listed under numerous various names from a list contained in the body of the worm.
Benjamin is written in Borland Delphi and is approximately 216 Kb in size - it is compressed by the AsPack utility. The size of a file can vary greatly as the worm ends each file with "dust" for masking.
As always be carefull what you download and open, this is still the best remedy against virusses. Read the entire warning here.
Source: Viruslist.com
