WORM_VB.FND
Windows 98, ME, NT, 2000, XP, Server 2003
Threat Type: Worm
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This worm arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
It drops copies of itself in all removable and physical drives found in the system.
TECHNICAL DETAILS
Arrival Details
This worm arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
Installation
This worm drops the following copies of itself into the affected system:
- %WINDOWS%\Fonts\{random}.com
- {Drive Letter}\WINDOWS.EXE
- {Drive Letter}\Explorer.exe
Autostart Technique
This worm adds the following registry entries to enable its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
TempCom = %WINDOWS%\FONTS\{random}.com
Propagation
This worm drops copies of itself in all removable and physical drives found in the system.
It searches the network for the following shared networks onto which it attempts to drop copies of itself: