Drops the file l0l_53xy_l0l.html to the current directory and opens it via Microsoft Internet Explorer. This HTML document is not malicious but just connects to the following websites:
- Copies itself to the System folder as Isass.exe.
Adds the value
Anti = undefinedSYSTEMundefined\Isass.exe, where undefinedSYSTEMundefined refers to the System folder
to the registry subkeys
Creates several copies of itself to the root folder of Drive C. The copies have the following filenames:
- Beautiful Ass.pif
- Me & you pic!.pif
- Me Pissed!.pif
- She Could Fit her Ass in a Teacup.pif
- she's fuckin fit.pif
- John Kerry as Super Chicken.scr
Attempts to terminate the following processes:
- Sends a copy of itself via MSN messenger to the user's contact list.
Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option