Antivirus companies have long cautioned users against opening email attachments sent by strangers, but thanks to a new email worm spreading this week, antivirus companies can add themselves to the list of not-to-be-trusted emailers.
Worm cloaked as virus alert from security firm
The worm, called VBS.Hard.A@mm, shows up in users' in-boxes disguised as a virus alert from antivirus firm Symantec, the company said in a virus alert. 'FW: Symantec Anti-Virus Warning' is the subject line, and the email carries an attachment bearing the name 'www.symantec.com.vbs'.
The relatively innocuous worm, like many other recent worms, is written in Microsoft's Visual Basic script and propagates through the company's Outlook Express email client. This is easily avoided by disabling Visual Basic.
The email carrying the worm is sent by 'F Jones', whom the email identifies as a Symantec senior developer. When a user double-clicks on the attachment, launching the file, a number of things happen. First, the browser's default home page is changed to a fake Symantec virus information site. The worm then sends itself to everyone in the infected PC's Outlook Express address book.
The worm also makes some changes to Registry files. Lastly, it creates a dialog box which will appear every 24 November and reads, "Don't look surprised! It is only a warning about your stupidity. Take care!"
Though the worm is low risk and does not cause serious damage, it is likely to spread quickly, Symantec said.
Click here to read how to turn off VBS on your PC.