It’s only been two months since the javascript worm, JS_FEEBS.A started to infect systems and we are already on our 2 letter variants, the latest of which is JS_FEEBS.HT. Our honeypot system still catches a lot of this worm upto now.
The feebs malware is a dropper mailer combo. JS_FEEBS is a polymorphic JS file which is propagated via email, and upon execution, it either drops an exe file, or downloads the exe file, which is detected as WORM_FEEBS. The dropped exe file (WORM_FEEBS) then creates a new JS_FEEBS which it spams…and the cycle begins again.
Good news is, our generic pattern can detect the variants that is caught by our honeypot system.