Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » VBS/Updatr.A

Overview

Threat Risk LOW LOW
Destructivity NONE NONE
Payload
Detection files published 05 Dec 2001 03:00:00
Description created 06 Dec 2001 09:54:00
Description updated 26 Nov 2002 04:30:00
Malware type WORM
Alias
Spreading mechanism NETWORK
OTHER
Summary None

VBS/Updatr.A

Spreading

This script will, when run, go through all directories on all accessible drives and create copies of itself. The copies will be named like already existing DOC, EXE or TXT files, with the exception that the files will have an extra VBS extension. F.ex. MyDocument.doc will be accompanied by a small script called MyDocument.doc.vbs. This script is a worm by itself, and does not spread or help the original worm that dropped it in any way.



Payload Details

On the 12th of any month the worm will show a small messagebox:


Hi there.., you are infected by some of
IWING creations.., have a nice day


Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:11