W32/Thonic.B@mm
Analysis
This virus is 11,264 bytes in size. It contains instructions to write a short VBScript file that will send a copy of the virus using MS Outlook. Emails are sent in this format -
Subject = "Hey check out this funny video my friend sent me !"
Body = "Mail Body"
Attachments = "snowboard_accident.avi.exe"
The virus also contains instructions to send a copy of itself using the mIRC client; however, this portion of the code does not seem to work properly.
Loading at Windows startup
The virus will register itself to run at each Windows startup -
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
cthonic = cthonic.exe
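An added triage sketch (not Fortinet's detection logic) that checks a text export of the Run key and a raw email message against the indicators described above. The function names, the `.reg`-style export format and the sample inputs are assumptions made for this example, and the double-extension check generalizes beyond the single attachment name given in the write-up.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Indicators taken from the write-up above.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE, RUN_DATA = "cthonic", "cthonic.exe"
SUBJECT = "Hey check out this funny video my friend sent me !"
ATTACHMENT = "snowboard_accident.avi.exe"
# Generalisation (assumption): a media/document extension followed by an executable one.
DOUBLE_EXT = re.compile(r"\.(avi|mpe?g|mp3|jpe?g|gif|txt|doc|pdf)\.(exe|scr|pif|com|bat|vbs)$", re.I)

def run_key_hits(reg_export):
    """Return (value, data) pairs under the Run key that match the indicator."""
    hits, in_key = [], False
    for line in map(str.strip, reg_export.splitlines()):
        if line.startswith("["):  # section header: track whether we are in the Run key
            in_key = line.strip("[]").lower() == RUN_KEY.lower()
        elif in_key and (m := re.match(r'"([^"]+)"="(.*)"$', line)):
            name, data = m.group(1), m.group(2).replace("\\\\", "\\")
            if name.lower() == RUN_VALUE or data.lower().endswith(RUN_DATA):
                hits.append((name, data))
    return hits

def mail_findings(raw_message):
    """Return the reasons a message matches the described mailing behaviour."""
    msg, reasons = message_from_string(raw_message), []
    if (msg["Subject"] or "").strip() == SUBJECT:
        reasons.append("subject")
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower() == ATTACHMENT:
            reasons.append("attachment-name")
        if DOUBLE_EXT.search(name):
            reasons.append("double-extension")
    return reasons

# Constructed sample inputs (not captured from a real host or mailbox).
SAMPLE_REG = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"cthonic"="cthonic.exe"
'''

def sample_mail():
    m = EmailMessage()
    m["Subject"] = SUBJECT
    m.set_content("Mail Body")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename=ATTACHMENT)
    return m.as_string()
```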
Miscellaneous
This virus contains references to Cthulhu (kuh-thoo-loo), a fantasy role-playing game -
Created by -=[YoG-SoTHoTH]=- on Sept2003
The Ancient Ones are near !!! Fear not these latter days of humanity...
Win32.CthonicWorm.1a by -=[Azag-TH0TH]=-
Recommended Action
Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
Detection Availability
Product | Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |