Definitely Not Shakespeare

We at SophosLabs encountered a new variant of the W32/SillyFDC family of worms today, detected as W32/SillyFDC-BQ.

Besides its usual habits of spreading via removable drives, masquerading as a Microsoft file and terminating Internet security applications, this variant also modifies one of the registry entries inside

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

with a rather unusual message. As a result, when the user logs into the infected computer, a message box appears on the screen with a title of:

“Kaget ya mas, Santai mas, santai!!!!!!!!!!! – Angelo425”

and the following message:

“Woman’s heart is like deep ocean to keep their secret

Although love is like mbhuerruh things ruwet semrawut

but this is ….

ANGELO425….By : AnkrinkComClbbr”

What’s next, Shakespeare?
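
A defender-side check for the behaviour described above, as an added example that is not from the original post or from SophosLabs: it compares the logon-notice values under the Winlogon key with an approved baseline and reports any difference. The post does not name the modified entry; `LegalNoticeCaption` and `LegalNoticeText` (the standard Windows values behind a logon message box) and the empty baseline are assumptions.

```powershell
# Added example: audit the Winlogon logon-notice values against a baseline.
# Assumption: the entry the worm changes is LegalNoticeCaption and/or
# LegalNoticeText; the post only says "one of the registry entries".
$WinlogonKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueNames  = 'LegalNoticeCaption', 'LegalNoticeText'

# Approved banner for this site (assumed). Empty strings mean that no
# logon notice is expected at all.
$Baseline = @{
    LegalNoticeCaption = ''
    LegalNoticeText    = ''
}

function Get-LogonNoticeDrift {
    param(
        [string]$Path = $WinlogonKey,
        [hashtable]$Expected = $Baseline
    )
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in $ValueNames) {
        # A value that does not exist reads as $null, which casts to ''.
        $actual = [string]$props.$name
        if ($actual -cne [string]$Expected[$name]) {
            [pscustomobject]@{
                Key      = $Path
                Value    = $name
                Expected = [string]$Expected[$name]
                Actual   = $actual
            }
        }
    }
}

$drift = @(Get-LogonNoticeDrift)
if ($drift.Count -gt 0) {
    # Show what changed and fail, so a scheduled audit can raise an alert.
    $drift | Format-List
    Write-Warning 'Logon notice differs from the baseline.'
    exit 1
}
Write-Output 'Logon notice values match the baseline.'
```

A difference here only shows that the banner changed; the worm's files and its other changes still need to be removed with an anti-virus scan.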