SecurityHome.eu VBS.Breetnee.A@mm

Home / malware PDF

VBS.Breetnee.A@mm

First posted on 21 November 2011.
Source: BitDefender
Aliases :
VBS.Breetnee.A@mm is also known as N/A.
Explanation :
It copies itself in the "Windows" folder (C:windows or C:winnt), with the name "Britney.chm".
It sends an email to the first contact in address book, through the Outlook.

The email has:
Subject:
"RE: Britney Pics"
Body:
"Take a look at these pics...
Regards, "
< user's name >
Attachment:
the virus - a vb-script in a html-page embedded in a chm-file.

In order to send the infected email just once, it creates the registry key
"HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionchm"
with the value "1".

It also spreads itself through the mIRC. It searches the mirc folder: It searches first the hard disk (drives C:, D:, E: ) in order to find "mirc.ini" and second, it searches in registry the key HKEY_LOCAL_MACHINESOFTWARECLASSESChatFileDefaultIcon, in order to find the location of the file "mirc.exe".

If it finds the mIRC folder, it creates there a file, "script.ini", which sends the chm-file through mIRC.
Last update 21 November 2011

TOP

Malware :

None in database

Last 20