- Virus is 32-bit, with a UPX compressed size of 29,112
- Virus icon resembles that of a lime-green heart
- Virus may search the following list and attempt
to terminate any name-matching process running in
Virus may copy itself to the Recycle Bin folder (normally named C:\Recycled) under a random name and modify the registry so that this copy runs any time an EXE file is run, as in this example -
(Default) = ""c:\recycled\kqqr" %1 %*"
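A defender-side check for the registry change described above, added here as an example (not code from the original advisory): it parses an EXE open-command value and reports when a program is inserted ahead of the clicked file. The function names, the sample values, and the reading of the page's placeholders as `%1` and `%*` are assumptions.

```python
import re

# Directory names used for the Recycle Bin on different Windows versions.
RECYCLE_DIRS = ("\\recycled\\", "\\recycler\\", "\\$recycle.bin\\")

def parse_handler(value):
    """Split an EXE open-command value into (program, arguments).

    program is None when the value just runs the clicked file ("%1").
    """
    v = value.strip()
    # The page prints the value wrapped in one extra pair of quotes.
    if v.startswith('""') and v.endswith('"'):
        v = v[1:-1]
    m = re.match(r'(?:"([^"]*)"|(\S+))\s*(.*)$', v)
    if not m:
        return None, ""
    first = m.group(1) if m.group(1) is not None else m.group(2)
    return (None if first == "%1" else first), m.group(3)

def check_exe_handler(value):
    """Return findings for one handler value; an empty list means clean."""
    program, args = parse_handler(value)
    if program is None:
        return []
    findings = ["runs %s before the requested EXE" % program]
    low = program.lower()
    if any(d in low for d in RECYCLE_DIRS):
        findings.append("handler program is stored in a Recycle Bin folder")
    # The page's example copy ("kqqr") carries no extension.
    if "." not in low.rsplit("\\", 1)[-1]:
        findings.append("handler program has no file extension")
    if "%1" in args:
        findings.append("clicked EXE path is handed to the handler as an argument")
    return findings

# Constructed sample values; the second follows the page's example.
SAMPLES = {
    "clean": '"%1" %*',
    "page example": r'""c:\recycled\kqqr" %1 %*"',
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, "->", check_exe_handler(value) or "OK")
```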
Next, the virus will scavenge the local drive for email addresses and send a copy of itself to the addresses found, in varying email formats, using a randomly selected subject line and body text.
The message is structured to use an exploit that causes the attachment to launch automatically when the message is opened or previewed in Outlook -
- The email message will have an additional file attachment, typically a file with .HTM extension, which is a clean and non-infectious file.
Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option.