W32/Aimven

description-logoAnalysis

  • Virus is 32bit with a size of 8192 bytes
  • Virus attempts to modify an executable file associated with AOL Instant Messenger (also known as AIM) located at this path in order to inject itself into messages sent to others –
    C:\PROGRA~1\AIM95\ICBMFT.OCM
  • If executed, the virus may copy itself to the local drive C: as v.exe
  • Attempts to send executable files to others on the AIM contact or buddy list may have the exe file replaced with a copy of the worm due to the modification made to “ICBMFT.OCM”
  • Virus contains this string in its code –
    “Legal Copyright AOL Corporation. All rights reserved!”

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR