SSIWG

Classification

Malware

Worm

VBS

SSIWG, I-Worm.SSWIG

Summary

VBS/SSIWG is a family of mass mailing worms generated with a virus construction kit.

Removal

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Find out more
Knowledge Base

Find the latest advice in our Community Knowledge Base.

Product Manual

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Variant:SSIWG.A@mm

When VBS/SSIWG.A@mm is executed, it copies itself to the Windows System directory as "Y072QWV.VBS". This file is also set to be executed in each system startup via following registry key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\

Next the worm copies itself to the root of each network drive, and sends itself to all recipients in all address books using Outlook. Messages that VBS/SSIWG.A sends have the following characterstics:

Subject:

I'am missing U

 Body: Could u remember me ?

 Attachment: Y072QWV.VBS

Note: The name of the attachment can be other that "Y072QWV.VBS".The worm uses a counter in the registry, so the mass mailing will happen only every 20th run.

Date Created: -

Date Last Modified: -