W32/Thonic.B@mm

Analysis

This virus is 11,264 bytes in size. It contains instructions to write a short VBScript file that sends a copy of the virus using MS Outlook. Emails are sent in this format -

Subject = "Hey check out this funny video my friend sent me !"
Body = "Mail Body"
Attachments = "snowboard_accident.avi.exe"

The virus also contains instructions to send a copy of itself using the mIRC client; however, this portion of the code does not seem to work properly.

Loading at Windows startup

The virus will register itself to run at each Windows startup -

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
cthonic = cthonic.exe

Miscellaneous

This virus contains references to Cthulhu (kuh-thoo-loo), a fantasy role-playing game -

Created by -=[YoG-SoTHoTH]=- on Sept2003
The Ancient Ones are near !!! Fear not these latter days of humanity...
Win32.CthonicWorm.1a by -=[Azag-TH0TH]=-
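
A triage check for the indicators described above, as an added example that is not part of the original write-up or any Fortinet tooling. It flags the email subject, any attachment whose name hides an executable extension behind a media or document one (a generalization of the single attachment name listed), and a Run key value named cthonic; the extension sets, sample message and sample registry listing are constructed assumptions.

```python
from email import message_from_string

# Indicators from the description above; the extension sets are assumptions.
SUBJECT = "Hey check out this funny video my friend sent me !"
RUN_VALUE = "cthonic"
DECOY_EXT = {"avi", "mpg", "jpg", "gif", "txt", "doc", "pdf", "mp3"}
EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "vbs"}

# Constructed samples: a minimal MIME message and `reg query` style output.
SAMPLE_MAIL = """From: a@example.com
Subject: Hey check out this funny video my friend sent me !
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Mail Body
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="snowboard_accident.avi.exe"

AAAA
--b1--
"""
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    cthonic    REG_SZ    cthonic.exe
"""

def double_extension(filename):
    """True for names like video.avi.exe: decoy extension, then executable one."""
    parts = filename.lower().strip().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXT and parts[2] in EXEC_EXT

def scan_message(raw):
    """Return which indicators of the described email an RFC 822 message matches."""
    msg = message_from_string(raw)
    hits = ["subject"] if " ".join((msg["Subject"] or "").split()) == SUBJECT else []
    for part in msg.walk():
        name = part.get_filename()
        if name and double_extension(name):
            hits.append("attachment:" + name)
    return hits

def run_key_hit(reg_query_output):
    """True if the Run key listing contains a value named cthonic."""
    rows = (line.split() for line in reg_query_output.splitlines())
    return any(len(f) >= 3 and f[0].lower() == RUN_VALUE and f[1].startswith("REG_")
               for f in rows)
```
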

Recommended Action

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.

Telemetry

Detection Availability

FortiClient: Extreme
FortiMail: Extreme
FortiSandbox: Extreme
FortiWeb: Extreme
Web Application Firewall: Extreme
FortiIsolator: Extreme
FortiDeceptor: Extreme
FortiEDR