|
Description:
This destructive Visual Basic Script worm is a variant of the infamous VBS_LOVELETTER. It propagates by sending copies of itself with random file names to all contacts listed in the Microsoft Outlook address book.
This worm arrives attached on email with the following characteristics:
Subject:
US PRESIDENT AND FBI SECRETS =PLEASE VISIT => (HTTP://WWW.2600.COM)>=
or
<6 randomly generated capital letters>
Message body:
VERY JOKE..! SEE PRESIDENT AND FBI TOP SECRET PICTURES..
or
<10 randomly generated characters>
Attachment: <random file name>
The attachment file name uses 4 to 8 characters, with every other character a vowel starting with the second character. It uses any of the following file extensions:
- .BMP.vbs
- .GIF.vbs
- .JPG.vbs
For example, the worm attachment could have the names RUFO.GIF.vbs, TILOPA.BMP.vbs, or HIGOFUQA.JPG.vbs.
This worm overwrites certain image and script files with its code. It modifies the Internet Explorer home page and replaces the Windows shutdown images. If the current system date is September 17, it disconnects network drives from the system and displays a message box.
For additional information about this threat, see:
Solution
Technical Details
Description created: Nov. 3, 2000 1:16:11 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
