W32/Metrion-B

Discussion in 'malware problems & news' started by FanJ, Jul 3, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: W32/Metrion-B
    Aliases: Win32-HLLP-Metrion32704-B, Win32.Metrion.37204
    Type: Win32 executable file virus
    Date: 3 July 2002


    At the time of writing Sophos has received just one report of
    this virus from the wild.

    Note: This IDE file will detect W32/Metrion-A, W32/Metrion-B and
    W32/Metrion-C.

    More information about W32/Metrion-B can be found at
    http://www.sophos.com/virusinfo/analyses/w32metrionb.html
     
  2. FanJ

    FanJ Guest

    W32/Metrion-B overwrites BAT files with a two line batch script that is designed to run the virus.

    CPP files are overwritten with a few lines of C++ code that will print the output "Tagged by Metrion Cascade II" when compiled.

    VBS files are overwritten with a single line of VBScript that displays the same output as the compiled C++ code would.

    HTM files are overwritten with several lines of HTML that will display a page containing the text "Metrion Cascade II -icarus".
     
Thread Status:
Not open for further replies.