Trend Micro Virus Alert: PE_ICABDI.A

Discussion in 'malware problems & news' started by Randy_Bell, Mar 11, 2006.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    PE_ICABDI.A is non-destructive proof-of-concept malware that attempts to infect Microsoft InfoPath .XSN files. InfoPath is an application used to develop XML-based user forms. This file infector is currently spreading in the wild and infecting computers running Windows 2000, XP, and Server 2003.

    The malware creates a temporary folder named iCab, and then copies a target XSN file that it attempts to infect into the temporary folder. The contents of the file are then extracted.

    To infect the XSN file, it inserts a malicious script inside the script.js of the target XSN file. To clean up traces of its malicious routine, it then attempts to recreate the original (already infected) file, and delete iCab and all its contents. However, due to errors in its code, it is unable to perform its file infection and cleanup routines.

    If you would like to scan your computer for PE_ICABDI.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

    For additional information about PE_ICABDI.A, please visit:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_ICABDI.A
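
Added example, not part of the original post or of Trend Micro's alert: because the infection described above works by changing script.js inside the XSN, form templates can be baselined by reading the archive directory without extracting anything. It relies on an .XSN file being a Microsoft cabinet (CAB) archive; the function names and the constructed sample cabinet are assumptions made for illustration.

```python
import struct

CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")  # 36-byte cabinet header
CFFILE = struct.Struct("<IIHHHH")            # 16 bytes, then a NUL-terminated name


def list_cab_members(data: bytes) -> dict:
    """Return {member name: uncompressed size} from the bytes of a CAB/XSN file."""
    if len(data) < CFHEADER.size:
        raise ValueError("too short to be a cabinet")
    (sig, _, _, _, files_off, _, _, _, _, n_files, _, _, _) = CFHEADER.unpack_from(data, 0)
    if sig != b"MSCF":
        raise ValueError("not a cabinet (missing MSCF signature)")
    members, pos = {}, files_off
    for _ in range(n_files):
        size = CFFILE.unpack_from(data, pos)[0]      # cbFile: uncompressed size
        end = data.index(b"\0", pos + CFFILE.size)   # name terminator
        # latin-1 never fails to decode; names flagged as UTF-8 are not handled here
        members[data[pos + CFFILE.size:end].decode("latin-1")] = size
        pos = end + 1
    return members


def script_changes(baseline: bytes, current: bytes, suffix: str = ".js") -> dict:
    """Script members that are new or whose size differs from the baseline copy."""
    old, new = list_cab_members(baseline), list_cab_members(current)
    return {name: (old.get(name), size) for name, size in new.items()
            if name.lower().endswith(suffix) and old.get(name) != size}


def _sample_xsn(script_size: int) -> bytes:
    """Constructed sample: a cabinet directory only, with no compressed data blocks."""
    entries = b"".join(
        CFFILE.pack(size, 0, 0, 0, 0, 0x20) + name + b"\0"
        for name, size in ((b"manifest.xsf", 2048), (b"script.js", script_size)))
    files_off = CFHEADER.size + 8                    # header plus one CFFOLDER record
    total = files_off + len(entries)
    folder = struct.pack("<IHH", total, 0, 0)        # CFFOLDER: data offset, blocks, type
    header = CFHEADER.pack(b"MSCF", 0, total, 0, files_off, 0, 3, 1, 1, 2, 0, 0, 0)
    return header + folder + entries


if __name__ == "__main__":
    known_good = _sample_xsn(812)                    # constructed sizes
    suspect = _sample_xsn(1490)
    print(script_changes(known_good, suspect))
```

A size match does not prove the script is unmodified; treat this as a cheap first pass and compare hashes of the extracted script.js against the known-good template when a form is in doubt.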
     