Threat Description

Staple

Details

Aliases:Staple
Category:Malware
Type:Worm
Platform:VBS

Summary



VBS/Staple is a mass mailing worm written in Visual Basic Script.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.



Technical Details




Variant:Staple.A

This worm arrives in a email message with the following content:

  Subject: RE:Injustice
 Body: Dear <name of the infected user>
 Did you send the attached message, I was not expecting this from you !
 Attachment: injustice.TXT.vbs

When executed, the worm copies itself to the Windows System directory as "injustice.TXT.vbs". Then it sends itself to 50 random recipients from each address book. The worm also sends several infected messages to email addresses in Israel.Next the worm shows a message related to Middle-East war, as follows:

  PLEASE ACCEPT MY APOLOGIES FOR DISTURBING YOU.
 Remember that one day YOU may be in this situation.
 We need every possible help.
 Israeli soldiers killed in cold blood 12 year old Palestinian child
 Mohammad Al-Durra, as his father tried to protect him in vain with
 his own body. As a result of the indiscriminate and excessive use of
 machine gun fire by Israeli soldiers, journalists and bystanders
 watched helplessly as the child was savagely murdered.
 Palestinian Red Crescent Society medic Bassam Balbeisi
 attempted to intervene and spare the child's life but live
 ammunition to his chest by Israeli fire took his life in the process.
 The child and the medic were grotesquely murdered in cold blood.
 Mohammad's father, Jamal, was critically injured and permanently
 paralyzed. Similarly, approximately 40 children were slain, without
 the media taking notice or covering these tragedies.
 THESE CRIMINAL ACTS CANNOT BE FORGIVEN OR FORGOTTEN!!!!

Finally VBS/Staple.A opens six Internet Explorer browser windows, and connects to related web sites.


Variant:Staple.B

The second variant of VBS/Staple propagates in messages that have following content:

  Subject: hotstuff for you
 Body: Dear <recipients's name>
 CHEK THE ATTACHED HOT STUFF .. !
 Attachment: hotstuff.gif.vbs

Otherwise VBS/Stable.B@mm behaves like the original one.





Technical Details: Katrin Tocheva and Sami Rautiainen, F-Secure; March - May 2001


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Learn More