VBS/Loding.a@MM
- Type: Virus
- SubType: Internet Worm
- Discovery Date: 08/15/2001
- Length: 5,721
- Minimum DAT: 4155 (08/22/2001)
- Updated DAT: 4155 (08/22/2001)
- Minimum Engine: 5.1.00
- Description Added: 08/15/2001
- Description Modified: 12/18/2001 10:33 AM (PT)
Characteristics
--- Update 8/28/2001 ---
This second site, http://(omitted).tripod.com has been shut down and is no longer a threat.
--- Update 8/27/2001 ---
A new variant, detected as VBS/Loding.b@MM, has been posted to a tripod.com website. The email message sent is as follows:
Subject:Hi !
Body:
Hi, how are you ? I am fine here. Please read the page http://(omitted).tripod.com/ to get some knowledge and prevent somebody hack you. Forword this mail to help all your friends too.
--- Update 8/16/2001 ---
The URL referenced by this virus has been removed. Therefore this virus is no longer a threat.
This threat will be identified as VBS/Generic@MM with the 4155 DATs.
This mass-mailing worm exists as an embedded VBScript in a web page and makes use of a Microsoft virtual machine vulnerability. Accessing the infected page with Internet Explorer 4+ (with browser security settings lower than HIGH) results in the script being executed. The script contains instructions to email a message to all recipients found in the Microsoft Outlook Address Book, using the following information:
Subject: Computer Secrets !
Body:
If you are using Win9x/Me, visit the following page will upgrade your pc performance. If you are not using Win9x/Me or don't want to upgrade your pc, only forward this page to your friends. Maybe your friends need it.
http://(omitted).topcities.com/(omitted).htm
Following the URL specified in the email message takes the user to the malicious site.
The worm creates the file C:\REGSETTING.REG (which contains non-critical system/browser settings), and then imports this file into the registry.
Symptoms
- Email messages in your Microsoft Outlook Sent Items folder which you did not send
- Presence of the file C:\REGSETTING.REG
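A triage check for the two symptoms above, as an added example (not part of the original advisory or any vendor tooling): it flags exported messages whose subject and lure-URL domain match either variant, and looks for REGSETTING.REG. The function names, sample messages and placeholder host names are assumptions constructed for illustration.

```python
import email
import os
import re
from email import policy
from urllib.parse import urlsplit

# (subject, hosting domain of the lure URL), both taken from the description above.
LURES = [
    ("computer secrets !", "topcities.com"),  # VBS/Loding.a@MM
    ("hi !", "tripod.com"),                   # VBS/Loding.b@MM
]
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def url_hosts(text):
    """Lower-cased host names of every http(s) URL found in text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. unbalanced brackets
            continue
        if host:
            hosts.add(host.lower())
    return hosts

def match_lure(raw_message):
    """Return the lure domain if the message fits a Loding mail, else None."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # Collapse whitespace so "Hi !" and "Hi  !" compare equal.
    subject = " ".join(str(msg["Subject"] or "").lower().split())
    body = msg.get_body(preferencelist=("plain", "html"))
    hosts = url_hosts(body.get_content() if body else "")
    for lure_subject, domain in LURES:
        if subject == lure_subject and any(
                h == domain or h.endswith("." + domain) for h in hosts):
            return domain
    return None

def reg_artifact_present(root="C:\\"):
    """True if REGSETTING.REG exists directly under root (case-insensitive)."""
    try:
        return any(n.upper() == "REGSETTING.REG" for n in os.listdir(root))
    except OSError:
        return False

# Constructed sample messages; host names are placeholders, not from the advisory.
SAMPLES = [
    "Subject: Computer Secrets !\n\nvisit http://placeholder.topcities.com/page.htm\n",
    "Subject:Hi !\n\nPlease read the page http://placeholder.tripod.com/ to get\n",
    "Subject: Hi !\n\nLunch on Friday? Menu: http://example.org/menu\n",
]
```

Requiring both the subject and the hosting domain keeps an ordinary "Hi !" mail from being flagged, as the third sample shows.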
Method of Infection
This virus exists as embedded VBScript in a web page and makes use of a Microsoft virtual machine vulnerability.
Removal
All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.
Variants
- VBS/Loding.b@MM
Overview
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Aliases
- VBS/Loding@MM