Forwarded from: Nelson Murilo <nelsonat_private> http://www.idgnet.co.nz/webhome.nsf/UNID/F0EB966E15F4A1F8CC256AE9000B66B0!opendocument Sam Costello, BOSTON A new mass mailer worm, purporting to provide information about the disease anthrax, has appeared on the internet, but is being hampered because of a flaw in its design, antivirus companies said this week. The worm has been found in both English and Spanish-language versions and arrives in inboxes with a subject line that reads "Anthrax" or "Antrax," according to both Moscow-based Kaspersky Labs and California's Symantec. Included is an attachment called Antraxinfo.vbs or Antraxjpg.vbs that the message says is a picture of "the results" of Anthrax, but is actually a .VBS (Visual Basic script) file used to execute the worm, the companies say. When the file is double-clicked, the worm attempts to overwrite all system files ending in .VBS and .VBE, as well as send itself to all addresses listed in the system's Outlook address book, they say. It may also attempt to overwrite a Script.INI file used by chat clients, Symantec says. However, because of a flaw in the way the worm is written, the worm fails to spread as designed, both companies say. The body text of the worm reads: "If you don't know what antrax is or what the results of it are, please see the attached picture so that you can see the results that it has. Note: the picture might be too strong." In Spanish the worm says, "Si no sabes que es el antrax o cuales son sus efectos aqui te mando una foto para que veas los efectos que tiene. Nota: la foto esta un poco fuerte." The design of the worm's message attempts to play upon heightened public awareness in the United States about anthrax after a rash of infections and scares about the disease in the last week. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Oct 19 2001 - 14:22:32 PDT