F-Secure Virus Descriptions : Lasku
[Summary] | [Detailed Description] | [Detection]
VBS/Lasku is a simple massmailing VBS Worm, using Outlook to
spread. Due to a bug in the code it will fail to spread. This
will not stop its payload from execution.
VBS/Lasku.A has been reported to have been spammed in Finland. Once executed the script creates a copy of itself to the root of C: drive:
C:\LASKELMAT.HTML
It was written to spread in messages that look like this:
Subject: Kysymys
Body: Miksi lähetät tämä laskelmat.html minulle. Haluatko myydä ne tiedot?
Attachment: LASKELMAT.HTML
VBS/Lasku searches trough Outlook mail boxes and tries to send itself to
emails found in Incoming and Deleted mailboxes. When attempting to send
itself, Lasku will delete all email messages from these mailboxes. The
incoming emails can be restored from the deleted mailbox unless the code is
executed again.
After that VBS/Lasku attempts to delete all files from drives A-P and then
shows a message which displays a reference to Lord of The Rings:
I am Lord of MorDor. Youre stupid! thievishness my Ring!
Detection in F-Secure Anti-Virus was published on January 30th, 2004 in
update:
[FSAV_Database_Version]
Version=2004-01-30_01
Description:
Mikko Hypponen, January 30th, 2004
Technical details:
Katrin Tocheva, Veli-Jussi Kesti, Sami Rautiainen, January 30th, 2004
|
![](/images/pixel.gif"){kind=tracking}
