1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
    4. Anjulie

Anjulie

ALIAS:I-Worm.SSIWG2, VBS/Angel@mm, VBS.Rewind@mm

Summary

VBS/Anjulie.A@mm is a worm written in Visual Basic Script that drop a CIH virus variant.

VARIANT:VBS/Anjulie.A@mm

Summary

VBS/Anjulie.A@mm is e-mail worm (mass mailer) which propagates using Outlook application. The message looks as follow: 



    Subject: Read the true history on Angelina Julie



    Body:



    Your life
    Your work
    Your lovers



    Attachment: <the name of the attached script file>


Originally the worm has been distributed in a file called AngelinaJulie.txt.vbs but it might be different.

The worm tries to hide part of its code using a simple encryption. It also contains the following commented line which it never show:

'By AlevirusSCS VxBrasil :)

VBS/Anjulie worm drops two files in Windows Temporary directory. One of them is T4umhf5.vbs which is the script worm. The other file is Ale32.exe and it is infected with a CIH virus variant. More information about CIH you can find here:

Europe: http://www.europe.f-secure.com/v-descs/cih.shtml

USA: http://www.f-secure.com/v-descs/cih.shtml

F-Secure Anti-Virus detects Angel worm with the current updates:

http://www.f-secure.com/download-purchase/updates.shtml

[Analysis: Katrin Tocheva, F-Secure; March 23, 2001]