JS/Feebs.X.fam@mm - Released Jan 18, 2006 - Last Updated Mar 13, 2007

Alias/es JS/Feebs.AG [F-Prot], JS/Feebs.BA!tr, JS/Feebs.X [F-Prot], JS/Feebs.X.gen@mm, JS_FEEBS.BA [Trend], W32/Feebs-Fam [Sophos], Worm.Win32.Feebs.gen [KAV]
Visible Symptoms Feebs opens a window saying it's trying to connect to a popular mail server (eg. MSN). It will also close some analysis and monitoring programs like those from SysInternals.
Detailed Analysis This detection is generalized to cover several variants of the Feebs virus family. The general characteristics are that the file arrives to a target system via email as an attachment. The attachment is commonly with a .HTA file extension. If the attachment is opened or run, it could potentiallly spread to others via email based on encrypted JavaScript command instructions.
Recommended Action FortiGate systems: check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed -- if required, enable the "Allow Push Update" option FortiClient systems: Quarantine/Delete infected files detected

Fortinet