Malware type: VBScript

Aliases: Email-Worm.VBS.Clown.a (Kaspersky), VBS/Devan@MM (McAfee), VBS.Ednav.B@mm (Symantec), Worm/Clown.1 (Avira), VBS/Krusty-B (Sophos), Virus:VBS/Devan (Microsoft)

In the wild: No

Destructive: No

Language: Portuguese

Platform: Windows

Encrypted: No

Description: 
This destructive Visual Basic Script deletes files found in the "My Documents" folder. It propagates through VBS file infection and by sending itself over email via Microsoft Outlook. The details of the email that it sends out are as follows:

Subject: Network Problem
Message Body: Due to the recent problems with the email server, we have devised a program that will fix it up. You are requested to download the attached file and execute it at once. The whole setup will take 5 to 10 minutes. If your system crashes, just restart your computer and everything will be back to normal.

Please follow instructions carefully.

System Administrator
Network Management.
Attachment: <infected VBS file>

It also propagates via Kazaa, a peer-to-peer file sharing utility.

For additional information about this threat, see:
Solution
Technical Details

Description created: Sep. 4, 2002 5:09:22 PM GMT -0800
Description updated: Sep. 4, 2002 5:45:58 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.