Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » VBS/VBSWG.X@mm.Worm

Overview

Threat Risk LOW LOW
Destructivity LOW LOW
Payload
Detection files published 08 May 2001 03:00:00
Description created 08 May 2001 03:00:00
Description updated 08 May 2001 03:00:00
Malware type WORM
Alias Homepage
Spreading mechanism EMAIL
Summary None

VBS/VBSWG.X@mm.Worm

Spreading

It uses MS Outlook to spread itself. If the user click on the attachment the worm will send itself to all addresses in all address books in Outlook. The mass mail routine will normally be executed only once. To keep track on that the worm will create a registry key, HKCU\software\An\mailed, and set this to 1 the first time its mass mail routine is executed. This indicates that the mass mail routine already has been executed and if a new infected file is executed at the same machine no email will be sent out. All mails sent by the worm will be deleted from MS Outlook Outbox.

Payload Details

When executed the worm will copy itself as homepage.HTML.vbs to Windows' temporary folder, and it will open one of four web sites with pornographic content in the default web browser.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:11