I know its been around a couple af days now but i thought i would post this clip from F-secure info.
The Benjamin worm uses Kazaa p2p (peer-to-peer) network to spread. Much like Napster, The Kazaa network allows its participants to exchange files with each other, using dedicated Windows-based software. Kazaa typically has more than one million users online at the same time, exchanging media files with each other.
Benjamin virus only works on Windows workstations which have the Kazaa program installed, When the virus is started, it shows a fake error message to the user:
Access error #03A:94574: Invalid pointer operation File possibly corrupted.
After this the worm creates hundreds of files to the users hard drive and shares them to other Kazaa users. These files are actually copies of the worm itself, but they have been named to fool people into downloading them. Examples include:
"Deepest Purple-The Very Best of Deep Purple - Smoke on the Water"
"Metallica - Until it sleeps"
"Johann Sebastian Bach - Brandenburg Concerto No 4"
"South Park Vol.3-divx-full-downloader"
"Star wars Episode 1-divx-full-downloader"
"F1 Racing Championship-Games-full-downloader"
The total list of filenames contains over 2000 entries. Apparently this
list has been created by monitoring most popular searches being made in the
Kazaa network. The size of the shared infected files varies between 200 and
800 kB. These files always .EXE or .SCR extension, but it has often been
hidden by prepending dozens of space characters between the filename and