
VBS_CRIGENT.LK

Posted: April 10, 2014

Threat Metric

Ranking: 4,490
Threat Level: 1/10
Infected PCs: 2,813
First Seen: April 10, 2014
Last Seen: October 14, 2023
OS(es) Affected: Windows


VBS_CRIGENT.LK is a worm that spreads through Windows document files and uses innovative methods of evading detection while exploiting your PC. Although VBS_CRIGENT.LK's intended payload may possess other functions, malware researchers can infer that VBS_CRIGENT.LK gathers potentially sensitive information from infected PCs and communicates with external servers that, in theory, could exert control over the machine. Deleting VBS_CRIGENT.LK, like all threats that try to remain in stealth, requires both appropriate anti-malware products and supportive security protocols, such as using Safe Mode, to thwart any possible interference.

How Windows PowerShell Empowers a Worm's Attacks

Many PC threats base themselves on simple executable files, but malware experts also find that some especially well-camouflaged threats structure their attacks by other means. VBS_CRIGENT.LK is an example of such a threat and exploits Windows PowerShell, a command-line utility built into Windows 7 and compatible with most other versions of Windows, to attack the infected PC. VBS_CRIGENT.LK's distribution is closely tied to other threats with threat-downloading capabilities and, historically, is associated with Microsoft Excel and Word documents that disguise its installer.

VBS_CRIGENT.LK also includes software-downloading functions of its own, which it uses to install separate components. These components are unlikely to trip the flags of many security programs, since they are legitimate products, albeit ones used for unsafe purposes, such as the anonymity-enabling Tor browser.

Although VBS_CRIGENT.LK may be reconfigured for other attacks, malware analysts have found that its default payloads encompass the following functions:

  • VBS_CRIGENT.LK may gather system information and transmit this data back to its C&C server. Information gathered may be used for other attacks and includes the OS version, the user account's privilege settings, geographical data and details about installed versions of Microsoft Office.
  • VBS_CRIGENT.LK listens for additional instructions from its server whenever Windows starts, which lets VBS_CRIGENT.LK launch new attacks as instructed.
  • Most significantly, VBS_CRIGENT.LK can create copies of itself, which is why malware experts classify VBS_CRIGENT.LK as a worm. VBS_CRIGENT.LK's copies hide within Microsoft DOC and XLS file types, and VBS_CRIGENT.LK may even delete similar file types (such as the modern DOCX) to replace them with infected versions. Launching any of these files will also launch VBS_CRIGENT.LK. The modifications made have the potential to damage a file's normal data, rendering it unreadable.

Spotting the Worm Peeking out of Your Documents

VBS_CRIGENT.LK does its best to hide itself from any victims, but you may be able to notice the components of non-threatening programs being exploited by VBS_CRIGENT.LK, such as the Tor browser or the Polipo Web proxy. Another giveaway of VBS_CRIGENT.LK infections that malware researchers have verified is that VBS_CRIGENT.LK does not use the latest Microsoft Office formats and prefers to delete and replace them with the old DOC and XLS file formats. Accordingly, if you see a DOCX file suddenly 'transformed' into DOC, it may be a sign of tampering by VBS_CRIGENT.LK.
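The DOCX-to-DOC giveaway described above can be checked by comparing two file inventories taken at different times. The following is an added example, not code from the original article: the file paths are constructed, the function names are hypothetical, and the XLSX-to-XLS pairing is an assumption drawn from the article's mention of XLS replacements.

```python
"""Flag Office files whose modern format vanished and a legacy twin appeared."""
from pathlib import PureWindowsPath

# Modern extension -> legacy extension. The article names DOCX -> DOC;
# XLSX -> XLS is an assumption based on its mention of XLS replacements.
DOWNGRADES = {".docx": ".doc", ".xlsx": ".xls"}

# Constructed inventories (e.g. two backup listings), not real data.
D = "C:\\Users\\alice\\Documents\\"
BEFORE = [D + "Budget.xlsx", D + "Report.docx", D + "Notes.docx",
          D + "Old.doc", D + "Plan.docx"]
AFTER = [D + "Budget.xls",    # modern file gone, legacy twin appeared
         D + "report.doc",    # same, with a case change in the name
         D + "Notes.docx",    # untouched
         D + "Old.doc",       # was already legacy: not a downgrade
         D + "Plan.docx", D + "Plan.doc"]  # modern copy kept: user export


def index(paths):
    """Map (folder, stem), compared case-insensitively, to {extension: path}."""
    seen = {}
    for p in paths:
        w = PureWindowsPath(p)
        key = (str(w.parent).lower(), w.stem.lower())
        seen.setdefault(key, {})[w.suffix.lower()] = p
    return seen


def find_downgrades(before, after):
    """Return sorted (old_path, new_path) pairs where a modern file was
    deleted and a legacy-format file with the same name took its place."""
    old, new = index(before), index(after)
    hits = []
    for key, old_files in old.items():
        new_files = new.get(key, {})
        for modern, legacy in DOWNGRADES.items():
            replaced = modern in old_files and modern not in new_files
            appeared = legacy in new_files and legacy not in old_files
            if replaced and appeared:
                hits.append((old_files[modern], new_files[legacy]))
    return sorted(hits)


if __name__ == "__main__":
    for old_path, new_path in find_downgrades(BEFORE, AFTER):
        print(f"SUSPECT: {old_path} -> {new_path}")
```

A hit is only a lead for further inspection, since a user can also convert and delete files by hand.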

Anti-malware tools should disinfect any PC compromised by this worm, and you should avoid opening any files that could re-trigger VBS_CRIGENT.LK's installation, including most Microsoft Office file types. VBS_CRIGENT.LK is a recently identified worm that's notable primarily for its extensive use of legitimate software and online services during its installation and attacks, which makes it correspondingly difficult to confirm threatening activities.

Technical Details

Additional Information

The following URLs were detected:
hfindmyobituaries.com