|
Name: VBS/FreeLinks.A Aliases:Freelinks, VBS.Freelink Type: Encrypted Worm
VBS/FreeLinks.A is an encrypted worm that is written in VBScript and is now in-the-wild. It infects Windows 98 Windows 2000 and other Windows systems that support VB Scripting language. When it is executed, the worm sends a copy of itself through Outlook, IRC chat client scripting and shared network drives. There is no known destructive payload. When executed, the worm creates a file [RUNDLL.VBS] in the Windows System directory and modifies the registry so that RUNDLL.VBS is executed when the system is booted up:
The worm displays a dialog box containing the following text:
The worm will also spread itself using Outlook by mailing itself out as an attachment named LINKS.VBS to all address book entries. Subject: "Check This" To: [no entry in this field] Message Body: "Have fun with these links. Bye."
|