Threat Description

SSIWG

Details

Aliases:SSIWG, I-Worm.SSWIG
Category:Malware
Type:Worm
Platform:VBS

Summary



VBS/SSIWG is a family of mass mailing worms generated with a virus construction kit.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details




Variant:SSIWG.A@mm

When VBS/SSIWG.A@mm is executed, it copies itself to the Windows System directory as "Y072QWV.VBS". This file is also set to be executed in each system startup via following registry key:

  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\

Next the worm copies itself to the root of each network drive, and sends itself to all recipients in all address books using Outlook. Messages that VBS/SSIWG.A sends have the following characterstics:

  Subject: I'am missing U
 Body: Could u remember me ?
 Attachment: Y072QWV.VBS

Note: The name of the attachment can be other that "Y072QWV.VBS".The worm uses a counter in the registry, so the mass mailing will happen only every 20th run.





Technical Details: Sami Rautiainen, F-Secure; August 2001


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Learn More