WORM_ASSIRAL.C - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

WORM_ASSIRAL.C

Overview

Solution

Technical Details

Malware type: Worm

Aliases: VBS.Assiral.B, W32.Assiral.B@mm, W32/Assiral-B, W32/Laris.worm, Worm:Win32/Assiral.C

In the wild: Yes

Language: English

Platform: Windows 95, 98, ME, NT, 2000. XP

Overall risk rating:

Reported infections:
Damage potential:		High
Distribution potential:		High

Description:

This worm may arrive via email, from a diskette, or through a network mapped drive. It uses several attractive file names to entice users into running its dropped copy.

This worm also drops a Visual Basic script file in the Windows folder named WINVBS.VBS. This file contains codes that modify the registry, and disables the Windows explorer, registry editor, and 16 bit applications. It also hides the remote administration page in present and remote mapped drives.

Using Internet Explorer, this worm attempts to open an updated version of itself from the following Web site:

<

>

It sends itself as an email attachment using MAPI. The email message it sends may contain the following details:

Subject: (any of the following)
� I LOVE YOU
� Re: Account Info
� Re: Docs
� Re: Information
� Re: Letter
� Re: Message
� Re: My Letter
� Re: Your Documents
� Re: Your Email Info
� Windows Update

Message body: (any of the following)
� Dear Windows User,
� Info reguarding your Email account is in the attachments.
� Information attached.
� Kindly read and reply to my LOVE LETTER in the attachments :-)
� My letter is in the attachments.
� Please download the windows update included in the attachments.
� Please read the documents included in the attachments
� The documents you requested are in the attachments.
� The letter you requested is in the attachments.
� The message is located in the attachments.
� Your email account is about to expire, please check the attachments for details.

Attachment: (any of the following)
� Attached_Message.exe
� Beautiful Ass.pif
� bedroom-things.pif
� bedroom-thongs.pif
� cz.exe
� Documents.exe
� Drunk_lol.pif
� hahahaha.pif
� Hot.pif
� Hot.pif
� Important_Message.exe
� Information.exe
� ISASS.EXE
� John Kerry as Super Chicken.scr
� Kool.pif
� Letter.exe
� LMAO.pif
� LOL.scr
� LOL.scr
� LOVE_LETTER_FOR_YOU.exe
� love_me.pif
� Me & you pic!.pif
� Me Pissed!.pif
� me_2005.pif
� Message.exe
� Microsoft_Update.exe
� msnmsr.exe
� msnus.exe
� my_pussy.pif
� naked_drunk.pif
� naked_drunk.pif
� naked_party.pif
� new_webcam.pif
� new_webcam.pif
� nvsc32.exe
� osm.exe
� Private_Document.exe
� Private_Letter.exe
� ROFL.pif
� ROFL.pif
� sexy.jpg
� sexy.pif
� sexy_bedroom.pif
� She Could Fit her Ass in a Teacup.pif
� she's fuckin fit.pif
� sister.pif
� titanic2.jpg.pif
� underware.pif
� updates.exe
� Webcam.pif
� Webcam.pif
� Webcam_004.pif
� winhost.exe
� winis.exe

For additional information about this threat, see:
Solution
Technical Details

Description created: Mar. 2, 2005 12:10:12 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.