VIRUS NAME : VBS/Horty.b@MM
Virus Characteristics
This threat is detected as VBS/Horty@MM. The virus may arrive as an email attachment ANGELINA-JOLIE-MEGAFUCK.TXT.vbs and will send an email using Outlook in the following format:
- Subject: Check this!
- Body: Have you ever seen Angelina Jolie in extremely hot scenes? You cannot imagine the pleasure,unless you check the attachment. "I'll get in touch with you again soon...
- Attachment: ANGELINA-JOLIE-MEGAFUCK.TXT.vbs
If the virus was executed from the A:\ or B:\ drive, it will copy itself to c:\TARANTINO.TXT.vbs. It then copies the following infected files to the Windows Directory:
- ANGELINA-JOLIE-MEGAFUCK.TXT.vbs
- kernelDLL.vbs
- PING-PONG.TXT.vbs
- BLOWJOB.TXT.vbs
- DANCE-WITH-THE-DEVIL.TXT.vbs
- MATRIX2-THEME.TXT.vbs
- SPIDER-MAN-THE-MOVIE.TXT.vbs
- THE-GIFT.TXT.vbs
- x-MEN.TXT.vbs
- IRON-MAIDEN-ARE-DEAD.TXT.vbs
- METALLICA-NEW-ALBUM.TXT.vbs
- THE-MUMMY-RETURNS.TXT.vbs
And the following files to the Windows System Directory:
- Winkernel.vbs
- LORD-OF-THE-RINGS-3.TXT.vbs
- BRAD-PITT-IS-GAY.TXT.vbs
- FUCK-THIS-CORPSE.TXT.vbs
- AAAARRRGGGHH.TXT.vbs
- THIS-IS-MY-LAST-HOUR.TXT.vbs
- BLACK-SABBATH.TXT.vbs
- LARA-CROFT-BLOWJOB.TXT.vbs
- MICROSOFT-BEEN-HACKED.TXT.vbs
- WIN98-SUPERCRASH.TXT.vbs
- ATTENTION!!!.TXT.vbs
The following infected files can be created on A: or B: drive:
- WAKE-UP-DEAD-MAN.TXT.vbs
- LORD-OF-THE-RINGS-2.TXT.vbs
- READY-TO-DIE.TXT.vbs
- FUCK.TILL.DEATH.TXT.vbs
- AFRICA-GAY.TXT.vbs
- YOU-HAVE-AIDS.TXT.vbs
- NOTHING-ELSE-MATTERS.TXT.vbs
- KYLIE-MINOGUE.TXT.vbs
- BILL-GATES-SMASHES-ALL.TXT.vbs
- SHIT-HAPPENS.TXT.vbs
The following registry key is added so that the virus will run on the next boot up of the system:
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdated,"wscript.exe" kernelDLL.vbs
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdated,"wscript.exe" Winkernel.vbs
The virus will send email, and if the date is the 16th of May, it will delete the Windows directory. Depending on the day (11th to 16th of May), different messages will be displayed.
Symptoms
The presence of the following files:
- ANGELINA-JOLIE-MEGAFUCK.TXT.vbs
- kernelDLL.vbs
- PING-PONG.TXT.vbs
- BLOWJOB.TXT.vbs
- DANCE-WITH-THE-DEVIL.TXT.vbs
- MATRIX2-THEME.TXT.vbs
- SPIDER-MAN-THE-MOVIE.TXT.vbs
- THE-GIFT.TXT.vbs
- x-MEN.TXT.vbs
- IRON-MAIDEN-ARE-DEAD.TXT.vbs
- METALLICA-NEW-ALBUM.TXT.vbs
- THE-MUMMY-RETURNS.TXT.vbs
And the following files in the Windows System Directory:
- Winkernel.vbs
- LORD-OF-THE-RINGS-3.TXT.vbs
- BRAD-PITT-IS-GAY.TXT.vbs
- FUCK-THIS-CORPSE.TXT.vbs
- AAAARRRGGGHH.TXT.vbs
- THIS-IS-MY-LAST-HOUR.TXT.vbs
- BLACK-SABBATH.TXT.vbs
- LARA-CROFT-BLOWJOB.TXT.vbs
- MICROSOFT-BEEN-HACKED.TXT.vbs
- WIN98-SUPERCRASH.TXT.vbs
- ATTENTION!!!.TXT.vbs
The following infected files can be created on A: or B: drive:
- WAKE-UP-DEAD-MAN.TXT.vbs
- LORD-OF-THE-RINGS-2.TXT.vbs
- READY-TO-DIE.TXT.vbs
- FUCK.TILL.DEATH.TXT.vbs
- AFRICA-GAY.TXT.vbs
- YOU-HAVE-AIDS.TXT.vbs
- NOTHING-ELSE-MATTERS.TXT.vbs
- KYLIE-MINOGUE.TXT.vbs
- BILL-GATES-SMASHES-ALL.TXT.vbs
- SHIT-HAPPENS.TXT.vbs
Method Of Infection
Executing one of the above files.
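
The file-name and Run-key symptoms listed above can be checked against a file inventory and an export of the Run key. The following is an added example, not part of the original description: the function names and sample data are hypothetical and constructed, and it assumes the file paths and Run values have already been collected by other means.

```python
import re

# Deceptive double extension: a harmless-looking ".TXT" followed by the real ".vbs".
DOUBLE_EXT = re.compile(r"\.txt\.vbs$", re.IGNORECASE)
# Run-key data that starts Windows Script Host on a .vbs file.
WSCRIPT_VBS = re.compile(r"wscript\.exe\W.*\.vbs\b", re.IGNORECASE)
# The two script names the description ties to the Run key.
FIXED_NAMES = {"kerneldll.vbs", "winkernel.vbs"}


def suspicious_files(paths):
    """Return the paths whose file name matches the naming patterns above."""
    hits = []
    for path in paths:
        name = re.split(r"[\\/]", path)[-1]
        if DOUBLE_EXT.search(name) or name.lower() in FIXED_NAMES:
            hits.append(path)
    return hits


def suspicious_run_values(run_values):
    """Return names of Run values whose data launches a .vbs through wscript.exe."""
    return [name for name, data in run_values.items() if WSCRIPT_VBS.search(data)]


# Constructed sample inventory and Run-key export (not taken from a real host).
SAMPLE_FILES = [
    r"C:\WINDOWS\THE-GIFT.TXT.vbs",
    r"C:\WINDOWS\kernelDLL.vbs",
    r"C:\WINDOWS\SYSTEM\Winkernel.vbs",
    r"C:\WINDOWS\NOTEPAD.EXE",
    r"C:\My Documents\notes.txt",
    r"A:\READY-TO-DIE.TXT.vbs",
]
SAMPLE_RUN = {
    "WinUpdated": '"wscript.exe" kernelDLL.vbs',
    "SystemTray": "SysTray.Exe",
}

if __name__ == "__main__":
    for hit in suspicious_files(SAMPLE_FILES):
        print("file:", hit)
    for value in suspicious_run_values(SAMPLE_RUN):
        print("run value:", value)
```

A Run value that starts a legitimate administrative .vbs script will also match, so treat hits as items to triage rather than as confirmed infections.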