1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Potok

Potok

Summary

VBS/Potok is a mass mailing worm written in Visual Basic Script.

Additional Details

VARIANT:Potok.A@mm
ALIAS:I-Worm.Potok, VBS/Stream
The message that the worm spreads has the following content: 

	Subject:    New Generation of drivers.
	Body:       Microsoft has published new driver for all types
                Video Cards, compatible with Windows 95/98/NT/2000/XP.
                You can read about it in attachment document.
                Best wishes,
                    Microsoft.
    Attachemnt: driver.doc                                        .vbs



There is 46 spaces between the ".doc" and ".vbs" extensions in the attachment file name.

When executed, the worm attempts to send itself to 50 recipients taken from the first address book using Microsoft Outlook.

This worm works only in Windows NT and Windows 2000, when the system is installed onto NTFS. This is because the worm uses NTFS feature known as "streams" to hide parts of itself to "odbc.ini" in the Windows installation directory.

The worm also attempts to add a new user into system. This, however, requires that the current user has suffient priviledge, for example local administrator rights.

[Analysis: Sami Rautiainen, August 2001, F-Secure]