Fake virus warning carries worm

VBS.Hard.A is latest VBS worm in the wild
Written by Matthew Broersma, Contributor

Computer worms have tried all sorts of ploys for tricking users into activating them, but the latest is particularly sneaky -- it masquerades as a virus warning from Symantec, a well-known anti-virus firm.

Symantec has confirmed the existence of the worm, known as VBS.Hard.A@mm, VBS/Hard-A, or VBS/Hard@mm, and created software to detect it. So far, the virus has a low geographical distribution and has infected a small number of sites, according to a Symantec report published earlier this week.

The worm distributes itself -- like several in the past, including Love Letter and Homepage -- as an attachment to an email message. The message is titled "FW: Symantec Anti-Virus Warning," and claims to contain a description of a non-existent worm in an attached file.

When the attached file, www.symantec.com.vbs, is activated, it changes the Microsoft Internet Explorer home page to a fake Web page, warning against a non-existent worm called VBS.AmericanHistoryX_II@mm. It also causes Outlook to send copies of the fake virus warning to all users in the address book.
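The attachment name is the tell: it reads like a Web address but ends in a script extension. The following mail-filter check is an added example, not code from Symantec or from the article; the extension list, the finding labels and the sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Extensions run by Windows Script Host (assumed blocklist for this example).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Stem that reads like a host name, as in "www.symantec.com.vbs".
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+(?:com|net|org)$")
KNOWN_SUBJECT = "fw: symantec anti-virus warning"  # subject quoted in the article


def attachment_findings(filename):
    """Return the reasons an attachment name looks like a disguised script."""
    # Windows ignores trailing dots and spaces, so strip them before testing.
    name = filename.strip().lower().rstrip(". ")
    stem, dot, ext = name.rpartition(".")
    findings = []
    if dot + ext in SCRIPT_EXTS:
        findings.append("script-extension")
        if HOSTLIKE.match(stem):
            findings.append("hostname-disguise")
    return findings


def scan_message(msg):
    """Collect findings for one parsed message (email.message.EmailMessage)."""
    findings = []
    if (msg["Subject"] or "").strip().lower() == KNOWN_SUBJECT:
        findings.append("known-subject")
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename:
            findings += attachment_findings(filename)
    return findings


def build_sample(subject, filename):
    """Constructed test message; the attachment body is an inert placeholder."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    print(scan_message(build_sample("FW: Symantec Anti-Virus Warning", "www.symantec.com.vbs")))
    print(scan_message(build_sample("Quarterly report", "report.pdf")))
```
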

Every 24 November, the computer will display the enigmatic message, "Don't look surprised! It is only a warning about your stupidity. Take care!"

The worm is relatively non-destructive, and to undo its effects, Symantec recommends deleting several files, making changes to the Windows registry and resetting the Explorer home page.

Microsoft has come under repeated criticism for allowing worms, such as VBS.Hard.A@mm and Love Letter, to proliferate by leaving the Visual Basic scripting tool active in the operating system, even though it is rarely used. Even when they cause relatively little damage, such worms can bring down entire corporate networks by sending out thousands of illicit emails.
