Hard
Yet another example of potentially disruptive social engineering, the recently discovered VBS.HARD.A virus poses as a virus alert from well-known anti-virus software company, Symantec, and takes advantage of Microsoft Outlook Express.
Here are the virus's characteristics:
- Subject: FW: Symantec Anti-Virus Warning.
- Message Body:
----- Original Message -----
From: <warning@symantec.com>
Subject: FW: Symantec Anti-Virus Warning
Hello,
There is a new worm on the Net.
This worm is very fast-spreading and very dangerous!
Symantec has first noticed it on April 04, 2001.
The attached file is a description of the worm and how it replicates itself.
With regards,
F. Jones
Symantec senior developer
- Attachment Name: www.symantec.com.vbs
Upon activation, the virus copies itself as www.symantec.com.vbs into the C:\ drive. It also attempts to create a fake Symantec virus information page about a nonexistent virus, VBS.AmericanHistoryX_II@mm, and sets this as the Start Page in Internet Explorer. The fake web page is created as C:\www.symantec.com.hta. The worm also attempts to deliver itself to everyone in your Microsoft Outlook Express address book. VBS.HARD.A includes a message-delivering payload, as well, which is triggered every November 24th and displays this pop-up box:
Be sure to visit your anti-virus software vendor's web site to update your virus definition files.
|
|
