W32/Zipwire-A

Category: Viruses and Spyware
Protection available since: 15 May 2008 16:54:08 (GMT)
Type: Win32 worm
Last Updated: 15 May 2008 16:54:08 (GMT)
Prevalence: Small Number of Reports


W32/Zipwire-A is a peer-to-peer worm for the Windows platform that spreads using the LimeWire and FrostWire file sharing applications.

W32/Zipwire-A arrives as a zip archive containing a single file named Setup.exe, typically downloaded from the file sharing network.

W32/Zipwire-A contains a backdoor that connects to an IRC server and allows a remote user to access the computer.

W32/Zipwire-A creates a zipped copy of itself in <Windows>\Fonts\a.zip and shares it on the peer-to-peer network using the names of popular shared files.

W32/Zipwire-A obtains a list of potential filenames for copies of itself shared on the peer-to-peer network by downloading torrent listing pages from several BitTorrent tracking sites and parsing them for torrent filenames.

When first run, W32/Zipwire-A copies itself to <Windows>\Fonts\svchost.exe and <Windows>\Fonts\Setup.exe and creates the following registry entry in order to run on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Host Process
<Windows>\Fonts\svchost.exe
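
A read-only host check for the file and registry artifacts described above, as an added example that is not part of the original analysis. It assumes Windows PowerShell 3.0 or later and that `<Windows>` resolves to `$env:windir`; reporting every `.exe` or `.zip` in the Fonts folder, and every Run value that points there, goes slightly beyond the exact names listed.

```powershell
# Added example: read-only check for the W32/Zipwire-A artifacts described above.
# Assumption: <Windows> is the directory in $env:windir.
$fonts    = Join-Path $env:windir 'Fonts'
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$named    = 'svchost.exe', 'Setup.exe', 'a.zip'   # file names from the description
$findings = @()

# The Fonts folder should hold font files only, so report every .exe or .zip
# found there (broader than the three names, so renamed copies also surface).
$files = Get-ChildItem -LiteralPath $fonts -Force -ErrorAction SilentlyContinue
foreach ($f in $files) {
    if ($f.PSIsContainer) { continue }
    if (-not ('.exe', '.zip' -contains $f.Extension)) { continue }
    $detail = 'unexpected file type in Fonts'
    if ($named -contains $f.Name) { $detail = 'file name listed in the description' }
    $findings += [pscustomobject]@{ Kind = 'File'; Item = $f.FullName; Detail = $detail }
}

# Report any Run value whose data points into the Fonts folder. The description
# names the value "Host Process"; matching on the path also catches other names.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run  = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # provider metadata, not registry values
        $data = [string]$p.Value
        if ($data.IndexOf($fonts, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $findings += [pscustomobject]@{ Kind = 'RunValue'; Item = $p.Name; Detail = $data }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No W32/Zipwire-A file or Run-key artifacts found.'
}
```

The script changes nothing on the host; a match is a reason to scan the machine, since a legitimate svchost.exe lives in the System32 directory rather than in Fonts.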
