Numgame

Threat description

Details

CATEGORYMalware
TYPEWorm

Summary

This is a Visual Basic Script worm that disguises itself as a Valentines Day game.



Removal

Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details


Variant:Numgame.A

It is written to spread to all addresses found in Outlook's Contacts folder. It sends e-mail messages that look as follows:

Subject:Are you [User's name] my valentine?
Body:   Hi [User's name] my valentine, remember me? I ain't seen
you in ages! Anyway, check-out and play the attached
guess-the-number-game to guess who I am. See you soon,
bye-bye!
Attachment: GuessGame.html or GuessGame.vbe  

Where the attachment GuessGame.html is previously saved in Desktop, My Documents or Temporary folder. If this file does not exist, Numgame sends another copy of itself (GuessGame.vbe) previously saved in Windows System folder.

The worm shows several message boxes trying to play a game with the infected user.

Numgame searches in particular folders and tries to delete several files from the infected computer and from all network drives.

It also changes the system date to 04-08-1981.

F-Secure Anti Virus currently detects Numgame by the heuristics.

Submit a Sample

Suspect a file or URL was wrongly detected?
Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info