Discussion in 'malware problems & news' started by FanJ, Apr 16, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: VBS/Chick-C
    Aliases: I-Worm.Brit.c, VBS.Chick.C@mm
    Type: Visual Basic Script worm
    Date: 16 April 2002

    At the time of writing Sophos has received no reports from users
    affected by this worm. However, we have issued this advisory
    following enquiries to our support department from customers.


    VBS/Chick-C is a Visual Basic Script worm very similar to

    VBS/Chick-C spreads via both Microsoft Outlook and IRC networks.

    The worm copies itself to SHAKIRA.CHM in the Windows folder and
    then emails itself to the first address in the Outlook address

    The email will have the following characteristics:

    Subject line:
    Nuevo video de SHAKIRA!

    Message text:
    He visto el nuevo video de Shakira
    y me he enamorado de ella.
    Esta hermosa mujer es hermosa, es impactante
    me ha hecho suspirar y quiero que
    igual que yo compartas esta emocion.

    Attached file:

    The worm requires ActiveX to be enabled for the VBScript to run
    and so it prompts the user to enable ActiveX with the message
    "Permite Active X para ver el nuevo video de SHAKIRA".

    VBS/Chick-A searches drives C:, D: and E: for the presence of a
    file called MIRC.INI. If it finds a file of this name then the
    worm creates a SCRIPT.INI file which will then attempt to send
    copies of the files to other IRC users.

    SCRIPT.INI will be detected by Sophos Anti-Virus as

    Read the analysis at
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.