Home / malware VBS.Breetnee.F@mm
First posted on 21 November 2011.
Source: BitDefenderAliases :
VBS.Breetnee.F@mm is also known as I-Worm.Brit-G, World, Cup, VBS/Chick-F, VBS_CHICK.F, VBS/Chick.f@M.
Explanation :
The virus copies itself as "koreajapan.chm" in Windows folder (or Winnt folder). This worm spreads through Outlook and mIRC. It sends an email to the first contact from the Outlook address book.
The format of an infected e-mail is:
From: ‹e-mail of an infected person›
Subject: "RE: Korea Japan Results"
Body:
Take a look at these results ...
Regards,
name of the infected person
Attachment: "koreajapan.chm"
It also writes the value "1" in the registry key
"HKEY_LOCAL_MACHINE\SOFTWAREMicrosoftWindowsCurrentVersionchm"
in order to send an infected email only for the first time.
It also spreads through mIRC. It searches the file "mirc.ini" in the folders and subfolders of drives C, D, E. It also attempts to find mIRC by looking at the registry key
"HKEY_LOCAL_MACHINESOFTWARECLASSESChatFileDefaultIcon\"
and thus retrieving mIRC folder. In case it finds mIRC, it overwrites the file "script.ini" in order to send itself through mIRC.Last update 21 November 2011
