Other versions: .b
Virus.VBS.Rabbit.a (Kaspersky Lab)
is also known as:
VBS.Rabbit.a (Kaspersky Lab),
VBS/First.ow.gen (McAfee), VBS.Rabbit.A/B (Symantec), VBS/V10-546 (Sophos), VBS/First.A* (RAV), VBS_VBSV10 (Trend Micro), VBSV #1 (H+BEDV), VBS/First.A (FRISK), VBS:Rabbit (ALWIL), VBS/First.A (Grisoft), VBS.First.A (SOFTWIN), VBSV.1 (ClamAV), VBS/Rabbit.A (Panda), VBS/Rabbit.A (Eset)
| Description added |
Mar 07 2000 |
| Behavior |
VBS Virus |
This is a virus written in Windows Script language, and it is the first known
virus of this type, appearing in October 1998. This virus are quite simple -
just over 10 commands. It just searches for other script files in the current
directory and overwrites them.
The virus do this by using DOS shell commands "find-and-copy-over" and overwriting
all *.VBS (Visual Basic Script) files in the current directory.
This virus has a minor bug: when it is executed by a browser, the virus infects
all files in the browser's cache and copies them to the computer's Desktop (since
the browser's default directory is the Desktop). When this happens, the computer's
Desktop becomes filled with the icons of the infected scripts (the virus replicates
like a rabbit, which explains the basis for it's name - "Rabbit").
On the 15th of any month, the virus creates an URL file with the "CB.URL"
or "The CodeBreakers.URL" name (depending on the virus version), and writes
the URL reference there: "http://www.codebreakers.org". The major virus versions
then also run a browser with this URL. While this is occurring, the virus also
displays the following Message Box:
VBSv v1.0
by Lord Natas/CodeBreakers
The virus also contains the comments:
VBSv Version 1.0 by Lord Natas/CodeBreakers
First Windows Scripting Virus
