New Virus --> VBS/Britney-A

Discussion in 'malware problems & news' started by javacool, Feb 28, 2002.

Thread Status:
Not open for further replies.
  1. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
  2. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Quote from the article:
     
  3. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    In other recent news, virus researchers indicate it MAY ACTUALLY be a BAD idea to open e-mails claiming "open me - free pictures if you enable a very unsafe part of your operating system".  ;)
     
  4. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Sophos virus article:

    (from here: http://www.sophos.com/virusinfo/articles/britney.html)

     
  5. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Sophos virus bulletin:

     
  6. FanJ

    FanJ Guest

    VBS/Britney-A

    Name: VBS/Britney-A
    Aliases: VBS/Breetnee, VBS/BritneyPic@MM, worm/BritneyPic
    Type: Visual Basic Script worm
    Date: 28 February 2002


    At the time of writing Sophos has received just one report of this worm from the wild.

    Description:

    VBS/Britney-A is a mass-mailing worm which spreads via both Microsoft Outlook and IRC networks. It copies itself to BRITNEY.CHM in the Windows folder and then emails itself to all addresses in the Outlook address list. The emails will have the following characteristics:

    Subject Line: RE: Britney Pics
    Body Text: Take a look at these pics ...
    Attachment: BRITNEY.CHM

    The worm requires ActiveX to be enabled for the VBS to run and so it prompts the user to enable ActiveX with the message "Enable ActiveX To See Britny Pictures".

    VBS/Britney-A searches the C:, D: and E: drives for the presence of a file called MIRC.INI. If it finds a file of this name then the worm creates a SCRIPT.INI file which will then attempt to send copies of the files to other IRC users.

    SCRIPT.INI will be detected by Sophos Anti-Virus as mIRC/Simp-Fam.


    Read the analysis at
    http://www.sophos.com/virusinfo/analyses/vbsbritneya.html
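
Added example, not part of the original post or the Sophos write-up: a Python check that scores a mail message against the subject, body and attachment name listed above, and looks for a SCRIPT.INI beside a MIRC.INI on the given drives. The function names, the constructed sample message and the assumption that SCRIPT.INI sits in the same folder as MIRC.INI are illustrative.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import Path

# Indicators as given in the Sophos description quoted in the post above.
SUBJECT = "re: britney pics"
BODY_MARKER = "take a look at these pics"
ATTACHMENT = "britney.chm"

def score_message(raw: bytes) -> list:
    """Return which of the described mail characteristics a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name == ATTACHMENT:
            hits.append("attachment-name")
        elif name.endswith(".chm"):
            hits.append("other-chm-attachment")  # assumption: any .chm is worth review
        elif part.get_content_type() == "text/plain":
            if BODY_MARKER in part.get_content().lower():
                hits.append("body")
    return hits

def find_script_ini(roots) -> list:
    """List SCRIPT.INI files beside a MIRC.INI (same-folder placement is an assumption)."""
    found = []
    for root in map(Path, roots):
        if not root.is_dir():
            continue
        for ini in root.rglob("*"):
            if ini.is_file() and ini.name.lower() == "mirc.ini":
                found += [p for p in ini.parent.iterdir() if p.name.lower() == "script.ini"]
    return found

def build_sample() -> bytes:
    """Constructed test message carrying the described subject, body and attachment name."""
    m = EmailMessage()
    m["Subject"] = "RE: Britney Pics"
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m.set_content("Take a look at these pics ...")
    m.add_attachment(b"placeholder bytes, not a real CHM", maintype="application",
                     subtype="octet-stream", filename="BRITNEY.CHM")
    return m.as_bytes()

if __name__ == "__main__":
    print(score_message(build_sample()))
    print(find_script_ini(["C:/", "D:/", "E:/"]))
```

A SCRIPT.INI hit is only a lead for an anti-virus scan, since the file name alone does not identify the worm.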
     
  7. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    Wow...same post, same time.

    Scary...
     
  8. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Well I sure feel educated after reading all that! A simple link may have sufficed but nevertheless, as a "fascinated father" myself, I'm glad to have this advanced warning.
     
  9. FanJ

    FanJ Guest

    Hey JC,

    Yep, same time  :D
    I just wanted to delete my posting after I saw yours, but was too late  ;)
    Thanks for posting Javacool  :)
     
  10. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    My friend got it!!!! He didn't open it (lucky he, ha). What concerns me is the fact that NOD32 doesn’t detect it (He has NOD32 for AV protection).

    I told him that Eset will probably have an update tomorrow or the day after tomorrow... Isn't that a little late o_O  o_O

    Technodrome
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi TD,

    Eset/Nod32 does have a copy.

    regards.

    paul
     
  12. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    My system is, and always has been, completely, 100% immune from viruses like the above.  What software do I use to gain this protection?  None.  I simply couldn't give a sh*t about Britney so I'd never get past the subject line.
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi all,
    Excuse my ignorance, as I did not follow the developments of NOD32, which I thought to be about the best AV program, so why would it be supposed to catch worms?
    As it's a VBS I'd suppose it will be stopped from running by your worm or VBS blocker/protection as well.
    Just a question, not interested in Britney either.
     
  14. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Hi Paul

    I think it's covered by today’s release. (As I thought)  ;)

    Technodrome
     