Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
|
Minimum DAT
4301 (2003-10-31) Updated DAT4516 (2005-06-17) |
Minimum Engine
5.1.00 File Length1,271 Bytes |
Description Added
2003-12-16 Description Modified2003-12-16 |
Malware Proliferation
Characteristics
This threat is detected as VBS/Atale. When the trojan script is executed, the following message is displayed:
If YES is chosen, the following messages are displayed:
The trojan then shuts down the windows environment.
C:\Autoexec.bat is then modified with the following message:
Warning! illegal access error!
a fatal BIOS error, be incapable of data to load...
Symptoms
The above messages displayed. C:\Autoexec.bat contains the above message.
Method of Infection
Trojans do not self-replicate.
Removal
Use current engine and DAT files for detection and removal.
Using File Filtering with WebShield SMTP for WindowsNT(not applicable for Solaris):
Within the Configuration console select content filtering.
Select Add.
Add a Description for the content filter rule such as VBSBlock.
Select Filter on Attachment File name.
Filter on .vbs
Select OK.
Additional Windows ME/XP removal considerations
AVERT Recommended Updates:* scriptlet.typelib/Eyedog vulnerability patch
* Outlook as an email attachment security update
* Exchange 5.5 post SP3 Information Store Patch 5.5.2652.42 - this patch corrects detection issues with GroupShield
For a list of attachments blocked by the Outlook patch and a general FAQ, visit this link.
Additionally, Network Administrators can configure this update using an available tool - visit this link for more information.
Variants