Threat Description

Anjulie

Details

Aliases: Anjulie, I-Worm.SSIWG2, VBS/Angel@mm, VBS.Rewind@mm
Category: Malware
Type: Worm
Platform: VBS

Summary



VBS/Anjulie.A@mm is a worm written in Visual Basic Script that drops a CIH virus variant.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details




Variant: VBS/Anjulie.A@mm

VBS/Anjulie.A@mm is an e-mail worm (mass mailer) that propagates using the Outlook application. The message looks as follows:

 Subject: Read the true history on Angelina Julie
 Body:
 Your life
 Your work
 Your lovers
 Attachment: <the name of the attached script file>

The worm was originally distributed in a file called AngelinaJulie.txt.vbs, but the file name might be different.

The worm tries to hide part of its code using simple encryption. It also contains the following commented line, which it never displays:

'By AlevirusSCS VxBrasil :).

The VBS/Anjulie worm drops two files in the Windows temporary directory. One of them is T4umhf5.vbs, which is the script worm. The other file is Ale32.exe, which is infected with a CIH virus variant. More information about CIH can be found here:

Europe: http://www.europe.f-secure.com/v-descs/cih.shtml

USA: http://www.f-secure.com/v-descs/cih.shtml

F-Secure Anti-Virus detects the Angel worm with the current updates:

http://www.f-secure.com/download-purchase/updates.shtml
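
The indicators described above (subject line, a script attachment hidden behind a second extension, and the two dropped file names) can be checked with a short triage script. This is an added example, not F-Secure code; the extension lists, the function names and the use of the current user's temp directory as the "Windows Temporary directory" are assumptions, and the sample message is constructed.

```python
import email
import os
import tempfile
from email import policy
from email.message import EmailMessage

# Indicators taken from the description above.
SUBJECT = "read the true history on angelina julie"
DROPPED_FILES = {"t4umhf5.vbs", "ale32.exe"}
# Assumptions: script extensions run by Windows Script Host, and harmless-looking
# decoy extensions placed in front of them.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
DECOY_EXTS = {".txt", ".doc", ".jpg", ".gif", ".pdf"}


def is_double_extension_script(filename):
    """True for names such as AngelinaJulie.txt.vbs (decoy + script extension)."""
    stem, ext = os.path.splitext(filename.strip().lower())
    return ext in SCRIPT_EXTS and os.path.splitext(stem)[1] in DECOY_EXTS


def check_message(raw_bytes):
    """Return the reasons a raw RFC 5322 message matches the description."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_double_extension_script(name):
            reasons.append("attachment:" + name)
    return reasons


def find_dropped_files(temp_dir=None):
    """Return paths in the temp directory named like the two dropped files."""
    temp_dir = temp_dir or tempfile.gettempdir()
    return sorted(os.path.join(temp_dir, n) for n in os.listdir(temp_dir)
                  if n.lower() in DROPPED_FILES)


def build_sample():
    """Constructed sample message; the attachment is an inert placeholder."""
    m = EmailMessage()
    m["Subject"] = "Read the true history on Angelina Julie"
    m.set_content("Your life\nYour work\nYour lovers\n")
    m.add_attachment(b"' inert placeholder", maintype="application",
                     subtype="octet-stream", filename="AngelinaJulie.txt.vbs")
    return m.as_bytes()
```

Because the attachment name may differ from the original, the double-extension check is the more durable signal; the file-name match in the temp directory only indicates that a host should be scanned.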





Description Created: Analysis: Katrin Tocheva, F-Secure; March 23, 2001

