Home / malware Win32.Worm.Autorun.VB.E
First posted on 21 November 2011.
Source: BitDefenderAliases :
Win32.Worm.Autorun.VB.E is also known as Worm.Win32.AutoRun.aql, W32/Autorun.worm.h, virus, W32/AutoRun.CES, WORM_VB.BEZ.
Explanation :
Once executed, the worm drops two text files in the current directory
- taipingtime.txt
- taipingtime_flag.txt
The first one is empty, and the second one is 23 bytes long.
After it has been dropped, it tries to acces various network adresses in order to download an executable file in the system directory; this file is added in a autorun registry key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
aa = "%Windir% aipingtianguov1.1.exe"
It also opens an internet explorer page: http://edition.cnn.com/Last update 21 November 2011