Threat Center Threats Explained Threat Encyclopedia Threat Blog Security Tips Case Studies White Papers Newsletter Signup
 

VBS/VBSWG.L


VBS/VBSWG.L is a script virus written in Visual Basic Script (VBS) created by means of the generator VBSWG.  The worm spreads as an email message with subject: Antrax Info.
In the message is the following text in Spanish:

si no sabes que es el antrax o cuales son sus efectos aqui te mando una foto para que veas los efectos que tiene
Nota:la foto esta un poco fuerte.

(Translation: if you do not know what antrax is or what its effects are I am sending you a photo so you can see it. Note: The picture is for strong nerves only.)

The attachment is formed by the file antraxinfo.vbs which contains the worm body.  The worm modifies files mirc.ini and events.ini so that it could spread by means of IRC clients.  It also goes through network disks and overwrites all found VBS and VBE files by its body.
The worm uses the item HKCU\software\Antrax\mailed in the registry  to mark the performed sending out of its body.
If there is not the number one in it the worm creates the abovementioned email and sends it to all addresses from the address book.  It is about the same with IRC clients.
The worm body begins with the string Vbs.Antrax Created By wAsEk and ends with the string Vbswg 1.0. [K]Alamar.
On January 26th it displays the following window:




PROTECT YOUR COMPUTER!
ESETs NOD32 antivirus software provides comprehensive, easy-to-use, and affordable protection from todays and tomorrows threats. We put the malware expert inside the software, so you don’t have to become one.

DOWNLOAD ESET NOD32 ANTI VIRUS SOFTWARE

 

 
Top of Page Back One Page Print this Page