Fake virus warning carries worm

Computer worms have tried all sorts of ploys for tricking users into activating them, but the latest is particularly sneaky--it masquerades as a virus warning from Symantec, a well-known anti-virus firm.

Computer worms have tried all sorts of ploys for tricking users into activating them, but the latest is particularly sneaky--it masquerades as a virus warning from Symantec, a well-known anti-virus firm.

UNITED KINGDOM (ZDNet UK) - Symantec has confirmed the existence of the worm, known as VBS.Hard.A@mm, VBS/Hard-A, or VBS/Hard@mm, and created software to detect it. So far, the virus has a low geographical distribution and has infected a small number of sites, according to a Symantec report published earlier this week.

The worm distributes itself--like several in the past, including Love Letter Homepage--as an attachment to an e-mail message. The message is called "FW: Symantec Anti-Virus Warning," and claims to contain a description of a non-existent worm in an attached file.

When the attached file, www.symantec.com.vbs, is activated it changes the Microsoft Internet Explorer home page to a fake Web page, warning against a non-existent worm called VBS.AmericanHistoryX_II@mm. It also causes Outlook to send copies of the fake virus warning to all users in the address book.

On every 24 November, the computer will display the enigmatic message, "Don't look surprised! It is only a warning about your stupidity. Take care!"

The worm is relatively non-destructive, and to undo its effects, Symantec recommends deleting several files, making changes to the Windows registry and resetting the Explorer home page.

Microsoft has come under repeated criticism for allowing worms, such as VBS.Hard.A@mm and Love Letter, to proliferate by leaving the Visual Basic scripting tool active in the operating system, even though it is rarely used. Even when they cause relatively little damage, such worms can bring down entire corporate networks by sending out thousands of illicit emails.