x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

San

 
Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:San
Technical name:VBS/San.A-m
Threat level:Low
Alias:San.A, San.A-m, VBS/San.A-m, HERNOBYL, SPACEFI, San Valentín, Happy San Valentín
Type:Virus
Effects:  

It modifies names of directories, deletes files in the root directory of the hard disk, sends messages to mobile phones chosen at random and changes the Internet Explorer homepage. It spreads via e-mail and IRC.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

Detection updated on:Dec. 26, 2003
StatisticsNo
Family:VALENTIN

Brief Description 

    

San is a worm that changes the browser Internet Explorer homepage.

San modifies the name of directories by adding the text string happysanvalentin at the end. It also deletes files in the root directory of the hard disk and sends messages to mobile phones chosen at random.

In addition, San spreads via e-mail, hidden in the HTML code of the AutoSignature of messages sent from the affected computer. It can also spread just by automatically sending itself out through IRC chat channels.

It is very easy to become affected by San, as it is automatically activated when the message is viewed through Outlook Preview Pane. It does this by exploiting a vulnerability in Internet Explorer (versions 5.01 and 5.5), which allows files attached to e-mail messages to be automatically run.

San exploits the Scriptlet.TypeLib vulneravility, which is critical for Microsoft Internet Explorer 4.0 and 5.0. If you have Microsoft Internet Explorer 4.0 and 5.0 program, it is highly recommendable to download the security patches for this vulnerability from the Microsoft website.

Visible Symptoms 

    

San is easy to recognize, as it displays the following MS-DOS windows on screen once it has been executed:

Then, San carries out several actions on the background, and displays the following window: