1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. SSIWG

SSIWG

ALIAS:I-Worm.SSWIG

Summary

VBS/SSIWG is a family of mass mailing worms generated with a virus construction kit.

Additional Details

VARIANT:SSIWG.A@mm
When VBS/SSIWG.A@mm is executed, it copies itself to the Windows System directory as "Y072QWV.VBS". This file is also set to be executed in each system startup via following registry key: 

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\

Next the worm copies itself to the root of each network drive, and sends itself to all recipients in all address books using Outlook. Messages that VBS/SSIWG.A sends have the following characterstics: 

    Subject:    I'am missing U
    Body:       Could u remember me ?
    Attachment: Y072QWV.VBS

Note: The name of the attachment can be other that "Y072QWV.VBS".

The worm uses a counter in the registry, so the mass mailing will happen only every 20th run.

[Analysis: Sami Rautiainen, F-Secure; August 2001]