VBS/HappyTime - VBS script virus

Siehe auch

Vollständig

Alias:	VBS/Haptime@MM
Type:	Worm
Size:	variable
Origin:
Date:	06-06-2001
Damage:	Sent by email.
VDF Version:	6.23.00.00
Danger:	Low
Distribution:	Medium

DistributionAn email sent by the worm looks like this:
Subject:
-Help
-Fw:

Attachment:

-Untitled.htm

The attachment UNTITLED.HTM contains the wormcode.

Technical DetailsHappyTime is a VBS worm, with two damage routines: it deletes all .DLL and.EXE files in Windows directory and sends its wormcode via Outlook or Outlook Express.

When an infected file is opened, the worm copies itself in

C:%WINDir%/UNTITLED.HTM

and creates the following files in Windows directory, containing the wormcode:

Help.vbs
Help.hta
Help.htm

Then in the registry directory

HKEY_CURRENT_USER\Identities\{96E63FC0-4AAC-11D5-8541-000476177D8E}\Software\Microsoft\Outlook Express\5.0\Mail\

the worm makes the following registry entry: Stationery Name = C:\\WINDOWS\\Untitled.htm

Then, the worm checks if the sum of the day and month is 13. If so, HappyTime deletes all .exe and .dll files from Windows directory (including subfolders).

The worm HappyTime keeps an Internet counter. When the counter reaches 366, the worm sends itself to all email addresses found in Outlook/ Outlook Express Inbox or folder.

Kurzfassung hier.

Beschreibung erstellt von Crony Walker am Tue, 15 Jun 2004 14:00 (GMT+1)

» Über Malware
» Über Phishing
» In-the-Wild-Viren

« zurück