VBS.Pinprick@mm

Discussion in 'malware problems & news' started by Bowserman, Jun 18, 2003.

Thread Status:
Not open for further replies.
  1. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    From Symantec:

    "VBS.Pinprick@mm is a mass-mailing worm that infects the .htm and .vbs files. This worm requires a MAPI-compliant email client, such as Microsoft Outlook, to propogate. The email will have a variable subject name and an attachment named Winhtm32.html.

    Type: Worm
    Infection Length: one file
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Macintosh, OS/2, UNIX, Linux


    VBS.Pinprick@mm will arrive as the body of an email with one of the following subjects:

    Nothing Special
    Uninstall information
    Password confirmation
    Notice
    Re:
    Some news
    Hello
    MP3s
    Just a reply
    Email changes
    Reminder
    File backup
    Webpage builder
    Some documents
    Jokes
    Some notes
    Backup data
    New <word> where <word> is one of the following:
    sign up
    login
    email
    download
    password
    domain
    document
    spreadsheet
    file
    webpage
    <word 1> <word 2>
    where <word 1> is one of these:
    Email
    Business
    Web
    Confidential
    Printer
    Webpage
    and <word 2> is one of the following:
    passwords
    files
    documents
    spreadsheets
    folders
    notes
    tools
    guides
    scripts
    summary
    overview

    Once VBS.Pinprick@mm is executed, it does the following:
    Mails itself to all the contacts in your address book.


    Copies itself as:
    %Startup%Winwsh32.vbs (%startup% represents your startup folder such as C:WindowsStart MenuProgramsStartup on 9x systems)
    %Windir%Login32.vbs
    %Windir%Winmsgc.vbe
    %System%Winmsgc32.vbs
    %System%Winmsgc.vbe


    Appends itself to all the .vbs, .htm and .html files on the local and mapped drives.

    Due to bugs in the worm, it may not always be able to correctly attach itself to email messages."


    Get more information Here: http://www.symantec.com/avcenter/

    Regards, Jade.
     
Thread Status:
Not open for further replies.