A worm is standalone malware that does not require any user interaction in order to infect and spread across a network. The focus of a worm is to compromise as many machines in a network as possible. The worm you look at here spreads across a network by finding your Microsoft email contacts and sending spam emails automatically from your computer. These emails contain the worm, which an unsuspecting recipient can then download onto a new computer.
- Let's take a look at the worm we are going to analyze. Here, we see the wormDemo.vbs file, which is the worm. VBS is the extension for Visual Basic Script files. After starting the worm, this Microsoft Outlook message pops up saying that a program is trying to access email address information. An Outlook message then pops up saying that the item that is going to be emailed on your behalf contains an attachment that is potentially unsafe. That's the worm sending itself using the Outlook profile currently connected on the computer. When this worm is uploaded to virustotal.com, a website that scans files and cross-checks their hash signature with that of every antivirus program in existence, we can see that, after it completes its scan, it's detected as a worm by half of the programs in existence and it's marked as a Visual Basic Script email worm.
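
The behaviours described above (address book access, sending mail with an attachment, the script mailing itself) can be checked statically before a script is ever run. The following is an added example, not part of the original lesson or its demo file: it hashes a script for lookup in a scanning service and flags those behaviours. The indicator strings are assumed Outlook object model and Windows Script Host names, and the sample inputs are constructed.

```python
import hashlib
import re

# Assumed indicators: Outlook object model / Windows Script Host names chosen
# for this example, not strings taken from wormDemo.vbs.
INDICATORS = {
    "outlook_automation": re.compile(r'CreateObject\s*\(\s*"Outlook\.Application"', re.I),
    "address_book_access": re.compile(r'\b(AddressLists|AddressEntries)\b', re.I),
    "attaches_itself": re.compile(r'Attachments\.Add\s*\(?\s*WScript\.ScriptFullName', re.I),
    "sends_mail": re.compile(r'\.Send\b', re.I),
}
MAILER_CORE = {"outlook_automation", "address_book_access", "sends_mail"}


def decode_script(data: bytes) -> str:
    """Script files are often saved as UTF-16 with a BOM; handle that case."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def triage(data: bytes) -> dict:
    """Hash the raw bytes and report which behaviours the script text suggests."""
    text = decode_script(data)
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # value to look up in a scanner
        "hits": hits,
        "verdict": "email-worm pattern" if MAILER_CORE <= set(hits) else "no pattern",
    }


# Constructed inputs: disconnected token lines, not a working script.
SUSPECT = "\n".join([
    "' constructed sample",
    'CreateObject("Outlook.Application")',
    "AddressEntries",
    "Attachments.Add WScript.ScriptFullName",
    "x.Send",
])
BENIGN = 'MsgBox "Hello"\nWScript.Echo WScript.ScriptFullName\n'

if __name__ == "__main__":
    print(triage(SUSPECT.encode("utf-16")))
    print(triage(BENIGN.encode("ascii")))
```

A match is a reason to inspect the file in an isolated environment, not a verdict on its own; legitimate automation scripts also use Outlook.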