This is a worm written in Visual Basic Script language (VBS). It spreads through a network by coping itself to other computers in the network.
Upon being activated, the worm generates a random network IP address (for example 18.104.22.168), and tries to connect to all computers in this network. It changes the last octet of an address from 1 to 255 and tries to connect. If the connection is accepted, the worm copies itself to a connected computer on
If all computers in this network are inaccessible, the worm generates a new network IP address.
The worm creates a file “C:NETWORK.LOG”. In this file, the worm writes all of its activities. The file content appears as follows:
The spreading ability of this worm is very low, because search of a victim computer takes a lot of time and most computers reject a requested connection.