P2P-Worm.Win32.Mareta

Class P2P-Worm
Platform Win32
Description

Technical Details

This worm spreads via the Kazaa file-sharing network by infecting files.

The worm itself is a Windows PE EXE file, written in Delphi and packed using UPX. The packed file is 43008 bytes and the unpacked file is 209KB in size.

The worm changes the Internet browser home page.

Installation

When launched, the virus copies itself to the C: root directory and adds its own name to the following system registry key:

[HKLMSoftwareMicrosoftWindowsCurrentVersionRun]

thus ensuring the worm file will be launched every time Windows is restarted.

Signs of infection

The worm will cause the following message to be displayed:

[Marietta Virus]
[Mr. Splash]

    Hi and remember: pornography is _very bad_! HAPPY NEW YEAR!