FRISK Software International

Virus Info > Virus Threats > Godzilla@m


Summary of VBS/Godzilla@m
Alias:VBS/Godzilla.A@m, I-Worm.Godzilla
Discovered: 21 Aug 2002
Definition files: 21 Aug 2002
Infection Method:slow mass-mailing
 
Jump to:
Brief description
Technical description

Brief Description
Godzilla is a slow mass mailing worm. It activates in a similar way as JS/Kak, by reading an infected email message.


Technical Description

Godzilla.A uses Outlook Express 5.0 to spread as HTML source in each email from infected machine. To do this it saves its code in Update.hta in Windows Startup folder:

C:\WINDOWS\START MENU\PROGRAMS\STARTUP\

so it will be executed next time when the system is restarted.

The virus also saves itself in C:\Windows folder in a file Sign.html. By modifying the Windows registry:

HKCU\Identities\DefaultUserID\Software\Microsoft\OutlookExpress\5.0\Signatures

it changes Outlook Express signature to use Sign.html. On that way the worm code will be embedded in each outgoing email message.

If the date is October 10th, VBS/Godzilla.A shows a message box with a the following text:

Have you danced with the devil in the moonlight ?

VBS/Godzilla.A@m also contains the following comment on the top of its code:

I-Worm.Godzilla Coded by Zorro



[Analysis: Katrin Tocheva; F-Secure Corp.; August 21st, 2002]
 
Virus Info by Platform

Virus Info by Letter:

F-PROT Antivirus Alerts
Stay up to date with important developments via e-mail.
more...
Life cyle policy
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
more...
RSS News Feeds
Virus news and information directly to your desktop.
more...
Glossary of Terms
Definitions of common antivirus terminology.
more...
More Virus Info
For further virus information, please try our partners' websites:

Authentium

perComp Verlag
(in German)
 

agoat@klaki.net argentina@f-prot.com argentina@frisk.is argentina@complex.is argentina@f-prot.is argentina@frisk-software.com argentina@f-prot.net argentina@f-prot.co.uk brazil@f-prot.com brazil@frisk.is brazil@complex.is brazil@f-prot.is brazil@frisk-software.com brazil@f-prot.net brazil@f-prot.co.uk malta@f-prot.com malta@frisk.is malta@complex.is malta@f-prot.is malta@frisk-software.com malta@f-prot.net malta@f-prot.co.uk a.bjani@f-prot.com a.bjani@frisk.is a.bjani@complex.is a.bjani@f-prot.is a.bjani@f-prot.co.uk a.bjani@frisk-software.com a.bjani@f-prot.net z.fifl@f-prot.com z.fifl@frisk.is z.fifl@complex.is z.fifl@f-prot.is z.fifl@f-prot.co.uk z.fifl@frisk-software.com z.fifl@f-prot.net strumpuri@complex.is strumpure@complex.is strumpuru@complex.is 00a@eircom.net 0maaahonyy@eircom.net 950@eircom.net af@eircom.net am@eircom.net ar@eircom.net as@eircom.net b1@eircom.net boss3@eircom.net ceih@eircom.net cera@eircom.net chxe@eircom.net cs@eircom.net cydw@eircom.net d71@eircom.net dpfy@eircom.net dzuv@eircom.net ehpa@eircom.net epin@eircom.net f1@eircom.net fa@eircom.net fdld@eircom.net fdnv@eircom.net gacg@eircom.net gafj@eircom.net gc@eircom.net gz@eircom.net ha@eircom.net he@eircom.net ia@eircom.net ja@eircom.net k2@eircom.net lleahy6@eircom.net m1@eircom.net no@eircom.net pb@eircom.net qq@eircom.net r6oo@eircom.net ra@eircom.net s2@eircom.net t2@eircom.net ua@eircom.net va@eircom.net vb@eircom.net w2@eircom.net ww2@eircom.net xxxkiss@eircom.net y1@eircom.net ya@eircom.net zz@eircom.net