ColdApe.B is a macro virus that reaches computers in an infected Word 97 document, with a DOC extension. This document then infects the Word template (NORMAL.DOT file) and spreads its infection to every Word document generated with it. ColdApe.B obtains the IP address of the infected computer and sends it out to the follwoing e-mail address: avm@redneck.efga.org. It also modifies Visual Basic Script files (with a VBS extension).> In addition, ColdApe.B sends e-mail messages from the affected computer to the address nick@virusbtn.com, with the following message: Dear Nicky... my name is ... and I want to make hot monkey love with you. You anti-virus stud!. ColdApe.B does not spread automatically using its own means. It needs the attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, e-mail messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc. |