W32/Qizy.A
Analysis
- The virus is 32-bit, with a compressed file size of 32,768 bytes
- The virus was written in Visual C++ and contains an embedded VBScript component with instructions to send the virus, using Outlook, to the first 666 contacts in the Outlook address book
- The VBScript component attempts to compose an email in this format and send it to others:
  Subject = "Merry Christmas!"
  Body = "You've probably received enough e-cards. Here's a nice Christmas screensaver instead :)"
  Attachments = "xmas.scr"
- If the virus is run, it will extract the VBScript component, run it, then remove it from the hard drive
- The virus will then begin searching for target executables to infect. If a suitable file is found, the virus will prepend itself to that file, increasing the file size by 32,768 bytes
Recommended Action
- Enable blocking of files with the extension .SCR via SMTP, POP and HTML protocol
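The blocking rule above, sketched as a mail-gateway attachment check. This is an added example, not Fortinet code; the function names, addresses and sample messages are constructed for illustration, and the extension test also covers mixed case, double extensions and trailing dots, which the page does not discuss.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".scr"}  # the extension the recommendation names


def effective_extension(filename: str) -> str:
    """Last extension, case-folded, with trailing dots and spaces dropped."""
    cleaned = filename.strip().rstrip(". ").lower()
    _, dot, ext = cleaned.rpartition(".")
    return dot + ext if dot else ""


def blocked_attachments(raw: bytes) -> list:
    """Return the filenames of all MIME parts whose extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also visits parts inside nested multiparts
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if name and effective_extension(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(filename: str) -> bytes:
    """Constructed test message using the subject quoted on this page."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"        # constructed address
    msg["To"] = "recipient@example.com"       # constructed address
    msg["Subject"] = "Merry Christmas!"
    msg.set_content("Constructed test body.")
    # Inert placeholder bytes stand in for the attachment content.
    msg.add_attachment(b"inert placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in ("xmas.scr", "Card.JPG.SCR", "xmas.scr.", "notes.txt"):
        verdict = "BLOCK" if blocked_attachments(build_sample(name)) else "allow"
        print(f"{name!r}: {verdict}")
```
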
Telemetry
Detection Availability
Product | Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |