VBS_REDLOF.A
Overview

Malware type: VBScript

Aliases: Virus.VBS.Confi (Kaspersky), VBS/Redlof-A (Sophos),

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: Yes

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Infection Channel 1: Propagates via email

Infection Channel 2: Infects files

Infection Channel 3: Propagates via software vulnerabilities


Description: 

This VBScript infects files by searching all disk drives and subfolders for files that have any of the following file name extensions:

  • VBS
  • HTML
  • HTM
  • ASP
  • PHP
  • JSP
  • HTT

To spread copies of itself, it infects BLANK.HTM, the stationery file of Microsoft Outlook Express. As a result, outgoing email messages may become infected and spread this VBScript.

It also takes advantage of the VM ActiveX Component vulnerability to propagate across networks. For more information about this vulnerability, refer to the following Web page:

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 30, 2002 10:00:00 AM GMT -0800
