About: Davinia   Sponge Permalink

An Entity of Type : dbkwik:resource/uazuHg3wEfJ5Uid5iYR3Jw==, within Data Space : 134.155.108.49:8890 associated with source dataset(s)

Davinia is an email worm that propagates through Microsoft Outlook utilising Microsoft Word 2000. The worm will send an infected email, with a seemingly empty body and subject line, with an embedded script in order to open another site, in order to download and open an infected Microsoft Word document. This document uses the "Office 2000 UA Control" exploit, in order to disable macro warnings without user confirmation. This allows for the macros to run without raising suspicion. Once the macro is run, it will send itself to all contacts found within Microsoft Outlook's address book.

AttributesValues
rdf:type
rdfs:label
  • Davinia
rdfs:comment
  • Davinia is an email worm that propagates through Microsoft Outlook utilising Microsoft Word 2000. The worm will send an infected email, with a seemingly empty body and subject line, with an embedded script in order to open another site, in order to download and open an infected Microsoft Word document. This document uses the "Office 2000 UA Control" exploit, in order to disable macro warnings without user confirmation. This allows for the macros to run without raising suspicion. Once the macro is run, it will send itself to all contacts found within Microsoft Outlook's address book.
dcterms:subject
dbkwik:malware/pro...iPageUsesTemplate
Platform
  • Microsoft Windows
Type
  • Worm
filetye
  • .HTML, .DOC
pl
  • VBS
AKA
  • Email-Worm.VBS.Davinia
Subtype
  • Email worm
abstract
  • Davinia is an email worm that propagates through Microsoft Outlook utilising Microsoft Word 2000. The worm will send an infected email, with a seemingly empty body and subject line, with an embedded script in order to open another site, in order to download and open an infected Microsoft Word document. This document uses the "Office 2000 UA Control" exploit, in order to disable macro warnings without user confirmation. This allows for the macros to run without raising suspicion. Once the macro is run, it will send itself to all contacts found within Microsoft Outlook's address book. The macro will drop a VBS file, "littledavinia.vbs" in the Windows directory, adding it to the system registry such that it will run on startup. The script will replace all rewritable files with a HTML file. Upon restart, Windows will not be able to start. The worm will show the following message upon execution:
Alternative Linked Data Views: ODE     Raw Data in: CXML | CSV | RDF ( N-Triples N3/Turtle JSON XML ) | OData ( Atom JSON ) | Microdata ( JSON HTML) | JSON-LD    About   
This material is Open Knowledge   W3C Semantic Web Technology [RDF Data] Valid XHTML + RDFa
OpenLink Virtuoso version 07.20.3217, on Linux (x86_64-pc-linux-gnu), Standard Edition
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2012 OpenLink Software