WORM_VB.AS

This memory-resident worm propagates via the peer-to-peer (P2P) file-sharing application LimeWire.

Upon execution, it displays the following message:

Version has expired please download software update.

This worm creates the folder WINUPDATES, where it drops a copy of itself as the file WINUPDATES.EXE, in the Program Files folder.

It then creates a registry entry to ensure its automatic execution at every system startup.

This worm drops the nonmalicious file BSZIP.DLL. It uses the said file to drop its compressed copy, A.ZIP, in the folder %Program Files%\Winupdates, using ZIP compression.

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)

It also has the ability to terminate processes running on the affected system. This worm drops several files in the system folder, which contains the string MZ, allowing this worm to disable certain Windows tool applications.

This worm creates COMPLETE folder in the system's current user profile. It then drops several .ZIP copies of itself using file names of popular applications and gaming software in the created folder.

Related Items