W32/Aimven
Analysis
- Virus is 32bit with a size of 8192 bytes
- Virus attempts to modify an executable file associated
with AOL Instant Messenger (also known as AIM) located
at this path in order to inject itself into messages
sent to others –
C:\PROGRA~1\AIM95\ICBMFT.OCM
- If executed, the virus may copy itself to the local
drive C: as v.exe
- Attempts to send executable files to others on
the AIM contact or buddy list may have the exe file
replaced with a copy of the worm due to the modification
made to “ICBMFT.OCM”
- Virus contains this string in its code –
“Legal Copyright AOL Corporation. All rights reserved!”
Telemetry
Detection Availability
FortiClient | |
---|---|
Extreme | |
FortiMail | |
Extreme | |
FortiSandbox | |
Extreme | |
FortiWeb | |
Extreme | |
Web Application Firewall | |
Extreme | |
FortiIsolator | |
Extreme | |
FortiDeceptor | |
Extreme | |
FortiEDR |