Kaspersky Labs, an international data-security software developer, reports that two new Internet worms have been detected, trying to spread under the guise of important information about the anthrax virus.
Detailed analysis of the worms’ code has revealed that fatal bugs keep both worms from effectively propagating. However, it is highly possible that similar worms, with a more capable malicious program posing as the aforementioned subject, could appear in the future. Due to this fact, Kaspersky Labs recommends that users not open any attached files in which “anthrax” (or, “antrax” in Spanish) is mentioned.
These worms were created utilizing the virus generator “VBSWG,” and are simply another modification of the “Lee” family of script-viruses. The infamous malicious program “Anna Kournikova” also was written with the help of VBSWG.
Both worms can be delivered to computers via IRC channels (possibly under the client names mIRC or pIRCh). In all cases, the infected files have the names ANTRAXINFO.VBS or ANTRAX.JPG.VBS. The received e-mail appears as follows:
Informacion Sobre El Antrax
Como ahorita esta muy de moda hablar sobre
el antrax aqui te mando la foto de un enfermo
terminal,para que veas como se ponen
si no sabes que es el antrax o cuales son sus efectos aqui te mando una foto
para que veas los efectos que tiene
Nota:la foto esta un poco fuerte.
Upon start up of an infected file, the worms become system resident, and attempt to send copies of themselves to all recipients in the victim’s Microsoft Outlook address book. The worms destroy all files on a computer with the VBS and VBE extensions, writing their copies here instead.
Kaspersky Anti-Virus efficiently and effectively protects against this malicious code thanks to the built-in heuristic analyzer, not requiring any additional anti-virus database.