1. /
  2. Security Response/
  3. VBS.Biscuit.A@mm

VBS.Biscuit.A@mm

Risk Level 1: Very Low

Discovered:
September 26, 2003
Updated:
February 13, 2007 12:07:57 PM
Also Known As:
Worm.Win32.Registra [KAV], VBS/Bisquit [McAfee]
Type:
Worm
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

VBS.Biscuit.A@mm is a mass-mailing worm that sends itself as an attachment to the first 50 email addresses in the Microsoft Outlook Address Book.
The email message will have the following characteristics:

Subject: Adsl no problem!!!
Attachments: Adsl_no_problem.pdf<184 spaces>.vbs

The worm attempts to copy itself to both the local host and reachable remote network shares. It will copy itself to the root of the network share as Netlog.vbs.
The worm will also copy the original worm filename to the following folders if it is able to copy netlog.vbs to the root of the share:
  • <network share root>\Windows\Menu Avvio\Programmi\Esecuzione automatica
  • <network share root>\Windows\startm~1\programs\startup
  • <network share root>\Windows
  • <network share root>\Windows\start menu\programs\startup
  • <network share root>\Win95\start menu\programs\startup\
On the 10th of every month, VBS.Biscuit.A@mm will display a pop-up message.

Antivirus Protection Dates

  • Initial Rapid Release version September 26, 2003
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version September 26, 2003
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date October 1, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: Medium
Writeup By: Kevin Ha

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver