Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It opens a communications port and sends the IP address of the affected computer to the virus authors. This leaves the computer exposed to remote attacks. It also ends processes belonging to antivirus programs, among others.
|Detection updated on:||Feb. 11, 2003|
Kazoa.C is a worm that also acts as a very dangerous Trojan, as it opens a communications port in the affected computer (usually 31337). Then it sends the IP address and the number of the open port to the attackers. This leaves the affected computer vulnerable to remote attacks.
Kazoa.C uses KaZaA and IRC chat channels in order to spread quickly. KaZaA is a program that allows Internet users to share files containing music, videos, texts, images, etc.
Kazoa.C creates a large number of infected files whose names can refer to erotic photos of famous people or IT utilities, among others. The worm does this in order to trick KaZaA users into downloading the infected files.
Kazoa.C is very easy to recognize as it reaches computers in an executable file with the following icon:
NOTE: The icon of the executable file is the bear icon that appears above. However the file name will be the name of the file that the user has downloaded (for example PAMELA_ANDERSON_NAKED.TXT.EXE). It is important not to confuse the file that carries out the Kazoa.C infection with an important Windows sytem file (JDBGMGR.EXE) that has the same icon and can be found in all Windows computers.
When the executable file is run, Kazoa.C carries out its infection and displays a window with the title: Are you feeling Haxxored?