VBS/IETitle.C - VBS script virus

See also

Summary

Full description

Statistics

Virus:	VBS/IETitle.C
Date discovered:	11/12/2006
Type:	Trojan
In the wild:	Yes
Reported Infections:	Low to medium
Distribution Potential:	Low to medium
Damage Potential:	Low
Static file:	No
IVDF version:	6.36.01.159 - Mon, 11 Dec 2006 15:04 (GMT+1)

General Method of propagation:
   • Mapped network drives

Aliases:
   • Symantec: Trojan Horse
   • Mcafee: VBS/IE-Title virus
   • Kaspersky: Worm.VBS.Solow.b
   • F-Secure: Worm.VBS.Solow.b
   • Sophos: VBS/Solow-Gen
   • Panda: VBS/Sasan.A.worm
   • Grisoft: VBS/Small
   • VirusBuster: VBS.Solow.C
   • Eset: VBS/Butsur.B worm
   • Bitdefender: Worm.VBS.Solow.A

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops a malicious file
   • Registry modification

Files It copies itself to the following locations:
• %WINDIR%\MS32DLL.dll.vbs
• %drive%\MS32DLL.dll.vbs

The following file is created:

– %drive%\autorun.inf Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: VBS/IETitle.A

Registry One of the following values is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "MS32DLL"="%WINDIR%\MS32DLL.dll.vbs"

The following registry key is changed:

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   New value:
   • "Window Title"="Hacked by Godzilla"

File details Programming language:
The malware program was written in Visual Basic.

See a brief description here.

Description inserted by Andreas Feuerstein on Fri, 07 Nov 2008 11:04 (GMT+1)
Description updated by Andreas Feuerstein on Fri, 07 Nov 2008 11:47 (GMT+1)

» About Malware
» About Phishing
» Viruses In the Wild

« back