Home / malwarePDF  

VBS.Anti700.A@mm


First posted on 21 November 2011.
Source: BitDefender

Aliases :

VBS.Anti700.A@mm is also known as N/A.

Explanation :

VBS.Anti700.A@mm is a mass-mailer worm containing a DOS virus in its body. The worm was created with a tool SSIWG, and the DOS virus, known as VCS.1077.A, was created in the past with a tool called VCS.

The worm arrives attached to an e-mail with the following format:


Subject: WARNING!!! THIS IS URGENT PLEASE READ.
Attachment: AtiVirus700.txt.vbs
Message:
Your system is in need to be cured from a DEADLY Virus that has been detected on your system.
Virus Name: W97.Hurricane.700
It has infected: Your .COM Files and your .EXE Files
Size: 1234
detectable: NO
disinfectable: YES

please read the .TXT file for further information on how to disinfect the Virus in your system!
WARNING!!!WARNING!!!WARNING!!!WARNING!!!WARNING!!!

signed,
Anti-Virus Company

P.S
for further onfo please contact me at anytime.
AV@hotmail.com


When executed, the worm will save a copy of itself in the Windows System Directory (usually C:WindowsSystem) in a file called CUC0O0.VBS and will create the registry key
HKLMSoftwareMicrosoftWindowsCurrentVersionRunServicesCUC0O0
pointing to the copy of the virus (CUC0O0.VBS); therefore it will get executed each time Windows is started.

It then drops the DOS virus in a file called AntiVirus700.com in the Windows Sytem Directory and executes it (1077 bytes in size , that contains the same message as the e-mail sent by the "mother" virus)
Lastly, it will send itself to all the user's contacts in the Outlook Adress Book as an e-mail in the above described format.

Last update 21 November 2011

 

TOP