Trend Bulletin

GoneShootin

JS_GIGGER.A is a mass mailing worm that was created using JavaScript. It requires
Windows Scripting Host to be installed in a system to execute properly. Upon execution,
this worm drops files in the Windows system directory and then propagates via
Microsoft Outlook, Outlook Express, MAPI and mIRC. It infects HTML and ASP files
by appending its code to the files.

This worm can arrive in two different kind of emails.

Email Sample 1:
Subject: Outlook Express Update
Message Body: MSNSofware Co.
Attachment: MMSN_OFFLINE.HTM

Email Sample 2:
Subject: (email address of recipient)
Message Body: Microsoft Outlook 98
Attachment: MMSN_OFFLINE.HTM

During infection, while JS_GIGGER.A goes through all the files in the infected
system's hard drive and network drives, if the system date is 1, 5, 10, 15, or 20,
the worm resets the attribute of that file and deletes its contents so that the
file becomes zero in size.

For additional information about JS_GIGGER.A, please visit the
Trend Micro Virus Information Center at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_GIGGE=
R.A

Trend Micro considers JS_GIGGER.A to be a very low risk virus and detection will be
available in the next official pattern release, #200 on or before January 15.

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro in the US
(week of: December 31, 2001 through January 6, 2001)

---

1. WORM_BADTRANS.B
2. PE_MAGISTR.B
3. PE_MAGISTR.A
4. TROJ_DLDER.A
5. WORM_BADTRANS.A
6. WORM_SIRCAM.A
7. JS_EXCEPTION.GEN
8. PE_NIMDA.A
9. PE_NIMDA.A-O
10. PE_CIH