Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » VBS/Updatr.C

Overview

Threat Risk NONE NONE
Destructivity NONE NONE
Payload
Detection files published 29 Jul 2001 03:00:00
Description created 11 Dec 2001 05:45:00
Description updated 11 Dec 2001 05:45:00
Malware type WORM
Alias
Spreading mechanism NETWORK
OTHER
Summary None

VBS/Updatr.C

Spreading

This script will, when run, go through all directories on all accessible drives and create copies of itself. The copies will be named like already existing DOC, EXE, DLL or TXT files, with the exception that the files will have an extra VBS extension. F.ex. MyDocument.doc will be accompanied by a small script called MyDocument.doc.vbs. This script is a worm by itself, and does not spread or help the original worm that dropped it in any way.

Payload Details

On the 12th of any month the worm will show a small messagebox:

Hi there.., you are infected by some of
IWING creations.., Poly & crypt By. Iwing - have a nice day


Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:14