|VIRUS NAME : VBS/Horty.a@MM
This threat is detected as VBS/Pica.worm.gen. The virus may arrive as an email attachment JENNA-JAMESON-FREE-SUPERFUCK.TXT.vbs and will send an email using Outlook to all recipients in the Contact Folder in the following format:
Subject: Jenna Jameson pornostar free superfuck+photo addresses
Body: Do you wanna see super pornostar,Jenna Jameson,in a special superfuck? Double click on the attachment of this mail,and get also some interesting sex-sex-sex addreses... "
If the virus was executed from the A:\ or B:\ drive, it will copy itself to c:\x-FUCK.TXT.vbs. It then copies the following infected files to the Windows Directory: kernel32.vbs and JENNA-JAMESON-FREE-SUPERFUCK.TXT.vbs, ALEXIA.TXT.vbs to the Windows System Directory, and Natasa.TXT.vbs to the Windows Temp Directory. The following infected files can be created on A: or B: drive:
The following registry key is added so that the virus will run on the next boot up of the system:
A text file JENNA-JAMESON-FREE-SUPERFUCK.txt is created in the Windows Directory and then opened in Notepad. VBS/Horty.a@MM also uses an infection counter in HKLM\SOFTWARE\WUpdate, and will send emails out 4 times from an infected machine. If the day is 13th of May, the virus will delete the Windows directory. If the day is 12th of May, the following message will be displayed:
The above message displayed on the 12th of May. The deletion of the Windows directory on the 13th of May. The above registry change and the presence of some the following files:
Method Of Infection
Executing one of the above files, apart from JENNA-JAMESON-FREE-SUPERFUCK.txt, which is a plain text file.