an interesting article i all ready gave a heads up on this worm today read it at this link if you all ready havent
http://www.antionline.com/showthread...hreadid=236622

heres the article

http://www.zdnet.com.au/newstech/sec...0269727,00.htm


While its overall impact has been limited to date, the recent outbreak of the Roron virus (aka W32/Oror-B) has served to remind P2P users of the added danger they face when downloading and swapping files.

Spreading by e-mail, local area and peer-to-peer networks Roron is the latest in a series of viruses which takes advantage of the increasingly popularity of file sharing technology.

The W32/Oror-B virus masquerades as a License Confirmation for the popular WinZip compression program and appears with the text:

"Your version of WinZip Self-Extractor is not licensed, or the license information is missing or corrupted. Please contact the program vendor or the web site (www.WinZip.com)for additional information"

As well as ensuring its propagation through local and P2P networks the virus installs a backdoor Trojan in the mIRC folder.

With the prevalence of such viruses increasing with the popularity of P2P technology, file-swapping technology Kazaa's owners Sharman Networks have taken measures to include a "lite" version of Bullguard software with each download.

"Kazaa won't be affected by a viral infection, but like email it is another door through which viruses can come to get into your network," explained Sharman Networks marketing manager Michael Liubinskas. "We recommend all users install anti-virus software, and the Bullguard brand is designed specifically to protect P2P networks."

Liubinskas went on to point out that the latest versions of the Kazaa download contained upgraded security features.

"If people are concerned regarding security they are best advised to log on to Kazaa and renew the download, because the latest version includes the Bullguard lite anti-virus software and a series of security patches which make Kazaa safer to use," Liubinskas says.

While anti-virus software vendors rate the Roron as a fairly low threat, most say they are monitoring the situation. Sophos recently posted an updated virus profile for Roron virus, and plans to integrate appropriate virus protection into its December 2002 software release.

"E-mail and P2P users should be aware of it but shouldn't be afraid in anyway," said Paul Ducklin, head of global support for Sophos. "We have only had one report from the wild at this stage."

Similarly Allan Bell, marketing director for Network Associates says while the virus has had a minimal impact, users are best advised to ensure their personal firewall is up to date, especially if they have recently installed a broadband connection.

"Really you should not be on broadband until you got a firewall in place," Bell said. "The risks are just too high."

Similarly Sharman Network's Liubinskas recommends P2P users scan all downloads to provide an extra level of protection against infection.