W32/Scold.A@mm
Analysis
- The virus is a 32-bit program with a compressed file size of 28,160 bytes
- The virus is introduced to a target system via an email attachment from another infected user
- If the virus is run, it may copy itself to the %Windows% folder as "warm.scr" and modify the registry to auto-run the virus at the next Windows startup
- The virus will create an email message for each contact listed in the Windows address book. The message may vary slightly and has the following properties -
Subject: %x When It´s Cold Outside She Gives Me Warm Inside %random
Body 1:
You will love this cute picture.
Body 2:
Enjoy this great picture.
Body 3:
Don't miss this cool picture.
Additional Body text -
============= Free Online Virus Scan =============
100% VIRUS FREE
No viruses or suspicious files were found in the attached file.
Attachment: %random.scr
- In the example above, %x is either no value, or it's one of the following -
Fw:
Re:
And %random is random letters
Recommended Action
- Enable blocking of .SCR file attachments using the FortiGate manager interface for POP3, SMTP and IMAP email services
- Add the following words to the Email quarantine feature of FortiGate -
Cold+Outside+She+Gives+Me+Warm+Inside
- Configure email server applications to quarantine emails tagged by FortiGate and delete as necessary
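The same two checks (the .SCR attachment and the subject phrase) can also be applied on a mail server or to an archived mailbox. The Python sketch below is an added example, not Fortinet code; the function names and the sample message are constructed for illustration, and the attachment bytes are an inert placeholder.

```python
import re
from email.message import EmailMessage

# Indicators taken from the write-up above; matching is done on normalised text.
SUBJECT_PHRASE = "when its cold outside she gives me warm inside"
BODY_MARKER = "free online virus scan"

def _norm(text):
    """Lowercase, drop apostrophe variants (' ´ ’ `), squeeze other punctuation."""
    text = re.sub("['\u00b4\u2019`]", "", (text or "").lower())
    return re.sub(r"[^a-z0-9]+", " ", text).strip()

def scold_indicators(msg):
    """Return the list of W32/Scold.A@mm mail indicators present in msg."""
    hits = []
    # Substring match tolerates the optional Fw:/Re: prefix and random suffix.
    if SUBJECT_PHRASE in _norm(msg["Subject"]):
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        # Trailing dots/spaces are ignored by Windows, so strip before testing.
        if name and name.lower().rstrip(". ").endswith(".scr"):
            hits.append("scr_attachment")
            break
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_MARKER in _norm(body.get_content()):
        hits.append("fake_scan_banner")
    return hits

def should_quarantine(msg):
    """Mirror the recommended action: block .scr or the subject phrase."""
    hits = scold_indicators(msg)
    return "scr_attachment" in hits or "subject" in hits

def build_sample(subject, body, filename):
    """Constructed test message; the attachment bytes are an inert placeholder."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

if __name__ == "__main__":
    worm = build_sample("Fw: When It\u00b4s Cold Outside She Gives Me Warm Inside qzkd",
                        "Enjoy this great picture.\n== Free Online Virus Scan ==\n",
                        "qzkd.scr")
    print(scold_indicators(worm), should_quarantine(worm))
```

The fake scan banner is reported but not used for the quarantine decision, since the recommended action above names only the attachment type and the subject words.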
Detection Availability
Product | Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |