Selected viruses, spyware, and other threats: sorted alphabetically

VBS/Vierika.A is a worm written in Visual Basic Script.  It consists of an activating file which arrives by email and of a HTML code located on internet.  The worm’s ability to operate depends on the internet page that contains the code for spreading the worm.  The worm arrives in the form of an email message with subject "Vierika is here" and text Vierika.jpg in the body.  As attachment of this email comes a 344 bytes long file Vierika.JPG.vbs.
When the attached file is opened the computer is not infected immediately but the following keys are created in the system registry.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page", "http://web.tiscalinet.it/krivojrog/vierika/Vindex.html"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201", 0 , "REG_DWORD"
The first key sets the start page of Microsoft Internet Explorer to web.tiscalinet.it/krivojrog/vierika/Vindex.html, the second one enables the worm to run the script contained in this page by setting safety to a low level.
Upon running Internet Explorer on a computer where the worm was activated, a page containing VBS script will be read in.  The VBS script takes care of spreading the worm.  First the file c:\Vierika.JPG.vbs will be created and then this file will be sent to all email addresses from the address book using the mail client Microsoft Outlook.
The worm's ability to operate depends on the abovementioned pages, if they are removed the worm is not able to spread further.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this encyclopedia may be reproduced, transmitted or used in any other way in any other form or by any means without prior permission from Eset.