TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_VB.CBW
Overview
Solution

Malware type: Worm

Aliases: Worm.Win32.VB.gp (Kaspersky), W32/USBAgent (McAfee), W32.SillyFDC (Symantec), TR/Crypt.CFI.Gen (Avira),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Low

Distribution potential:

 Medium

Infection Channel 1 : Propagates via removable drives

Infection Channel 2 : Copies itself in all available physical drives

Description: 

This memory-resident worm propagates by dropping a copy of itself as TEL.XLS.EXE into removable drives and all available physical drives. It also drops the file named AUTORUN.INF together with a copy of itself. The said .INF file enables the dropped copy to automatically execute once a user accesses the affected drives.

It also modifies a certain registry entry to hide files with the Hidden attributes. As a result, files with the said attribute are not displayed when viewed via Windows Explorer.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jan. 8, 2007 6:16:16 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.