VBS/Fireburn - VBS script virus

Siehe auch

Vollständig

Alias:	VBS/Fireburn@MM
Type:	Worm
Size:	5.132 Bytes
Origin:
Date:	05-30-2000
Damage:	Sent by email.
VDF Version:	6.20.00.00
Danger:	Low
Distribution:	Low

DistributionThe email worm Fireburn sends itself to all entries in Outlook Address Book.
If the infectious attachment is opened on a German computer, the email sends German texts. These can look like this:

Hi, wie geht's dir?
Guck dir mal das Photo im Anhang an, ist echt geil ;)
bye, bis dann.

If the virus is activated on an English system, the email looks like this:

Hi, look at that nice Pic attached!
Watching it is a must ;)
cu later...

Attachment:

"Ultra-Hardcore-Bondage.JPG.vbs"
"Christina__NUDE!!!.JPG.vbs"
"CuteJany__BigTits!.GIF.vbs"
"MyGirlfriend__NUDE!.JPG.vbs"
"Aguiliera__NUDE!!.JPG.vbs"
"!Jany__Gets-fucked!.GIF.vbs"
"cute__EmmaPeel!!!.JPG.vbs"
"Julie17__xxx.GIF.vbs"

Technical DetailsThe worm makes the following registry key entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSrundll32=rundll32.vbs

Its payload is activated on the 20th of June. The following message appears on the screen:

I'm proud to say that you are infected by FireburN!

Then, the mouse and the keyboard are deactivated. This can not be canceled by restoring the data. The registry entries for keyboard and mouse deactivating are:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Shut_Up rundll32 mouse,disable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Shut_Up2 rundll32 keyboard,disable

Kurzfassung hier.

Beschreibung erstellt von Crony Walker am Tue, 15 Jun 2004 14:00 (GMT+1)

» Über Malware
» Über Phishing
» In-the-Wild-Viren

« zurück