Andr0m3da
Power Member
VBS/Chick.D is a worm that spreads via e-mail and IRC using a message that
refers to Bill Gates and contains an attachment called "Mocosoft.chm". Once
the attached file is run, the worm creates two files on the infected system
("Mocosoft.chm" and "Script.ini") that will allow it to spread. The file
"Script.ini" will only be generated on the system provided the IRC chat
application is installed on the computer. Once the worm has carried out is
payload, it displays a series of messages on the screen. VBS/Chick.D
consists of a compiled HTML file 35,573 bytes in size.
Gibmonk.2256 is an MS-DOS, memory resident virus that infects COM or EXE
executable files. On October 10, if an infected SYS file is run, the virus
will display a message on the screen. Additionally, on March 8, Gibmonk.2256
replaces all the image files in GIF format found on the system with an image
showing the Gibraltar flag. Finally, in order to carry out its payload,
Gibmonk.2256 creates a dropper file -with a random name and extension -, and
modifies the "CONFIG.SYS" file.
We will finish today's report with JS/Trojan.Seeker.O, a Trojan written in
JScript that only works correctly if the Windows Scripting Host is installed
on the infected computer. This malicious code changes the Internet Explorer
home page and inserts an entry in the Favorites folder.
refers to Bill Gates and contains an attachment called "Mocosoft.chm". Once
the attached file is run, the worm creates two files on the infected system
("Mocosoft.chm" and "Script.ini") that will allow it to spread. The file
"Script.ini" will only be generated on the system provided the IRC chat
application is installed on the computer. Once the worm has carried out is
payload, it displays a series of messages on the screen. VBS/Chick.D
consists of a compiled HTML file 35,573 bytes in size.
Gibmonk.2256 is an MS-DOS, memory resident virus that infects COM or EXE
executable files. On October 10, if an infected SYS file is run, the virus
will display a message on the screen. Additionally, on March 8, Gibmonk.2256
replaces all the image files in GIF format found on the system with an image
showing the Gibraltar flag. Finally, in order to carry out its payload,
Gibmonk.2256 creates a dropper file -with a random name and extension -, and
modifies the "CONFIG.SYS" file.
We will finish today's report with JS/Trojan.Seeker.O, a Trojan written in
JScript that only works correctly if the Windows Scripting Host is installed
on the infected computer. This malicious code changes the Internet Explorer
home page and inserts an entry in the Favorites folder.