VBS/SSIWG.U@mm

Analysis

  • Virus is coded in VBScript with a size of 5,669 bytes; much of the code is encrypted, making visual analysis difficult
  • Virus adds a key in the registry to load at Windows startup:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
    CUC0O0 = C Windows\System\CUC0O0.VBS

  • Virus writes two files to the local system:

    Windows\System\AntiVirus700.com
    Windows\System\CUC0O0.VBS

  • Virus launches AntiVir700.com which is a virus known as VCS - this dropped virus then infects COMMAND.COM

  • Virus sends emails to all contacts listed in the address book for Outlook in this format:

    Subject: WARNING!!! THIS IS URGENT PLEASE READ.
    Body: Your system is in need to be cured from a DEADLY Virus that has been detected on your system.

    Virus Name: W97.Hurricane.700
    It has infected: Your .COM Files and your .EXE Files
    Size: 1234
    detectable: NO
    disinfectable: YES

    please read the .TXT file for further information on how to disinfect the Virus in your system!
    WARNING!!!WARNING!!!WARNING!!!WARNING!!!WARNING!!!
    signed,

    Anti-Virus Company

    P.S for further onfo please contact me at anytime.
    AV@hotmail.com
    Attachment: infectious .VBS file
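
The registry persistence described above can be checked for in an exported registry file. The following is an added example, not part of the original analysis: it parses regedit export text and flags any RunServices value that launches a script file, which goes beyond the single CUC0O0 value named here. The sample export, the `C:` drive prefix and the function names are constructed for illustration.

```python
import re

# Key and value name taken from the analysis above.
RUN_KEY = r"software\microsoft\windows\currentversion\runservices"
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf")
KNOWN_VALUE = "cuc0o0"

def parse_reg_export(text):
    """Yield (key, value_name, data) for string values in regedit export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)):
            # .reg exports escape backslashes and quotes inside strings
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def scan_autostart(text):
    """Return (tag, value_name, data) for script files registered under RunServices."""
    findings = []
    for key, name, data in parse_reg_export(text):
        if not key.lower().endswith(RUN_KEY):
            continue
        if data.lower().rstrip('"').endswith(SCRIPT_EXT):
            tag = "known-indicator" if name.lower() == KNOWN_VALUE else "script-autostart"
            findings.append((tag, name, data))
    return findings

# Constructed sample export (not captured from a real host).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"CUC0O0"="C:\\Windows\\System\\CUC0O0.VBS"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Updater"="wscript.exe C:\\Temp\\upd.vbe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Notes"="C:\\Tools\\notes.vbs"
'''

if __name__ == "__main__":
    for finding in scan_autostart(SAMPLE):
        print(finding)
```

Only the RunServices key is inspected, matching the write-up; the entry under Run in the sample is deliberately ignored.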
