VBS.VBSWG.D@mm Virus (Burlington Web Magazine)

Directory of Burlington Vermont
area Web Sites and Information

You are here: Home : Top : computers-and-internet : VBS.VBSWG.D@mm Virus

VBS.VBSWG.D@mm Virus

We all know how annoying it is to get a message (be it instant messages or email) from some pornographer to go check out their web site. Many of us like to report porn site soliciters into their Internet Service Providers and uce@ftc.gov, which stands for Unsolicited Commercial Email @ Federal Trade Commission of the U.S. Government. Be aware however that there are new porn invitations out there that are sent out without the sender's knowledge or permission.

IBM employees received an alert from Susan M. Puglia, who is Vice President, Architecture, Standards, & Deployment Management. Susan's alert warned IBM employees that a new computer virus is spreading through the Internet and many corporate networks. This virus is new and antivirus software is being updated to include it.

The name of the virus is VBS.VBSWG.D@mm. (That's cursing ended with the word "damm", in case you didn't catch it.) It comes with the subject line "HOMEPAGE". The virus is an e-mail attachment called HOMEPAGE.HTML.VBS According to Symantec, this virus "is an encrypted VBScript worm that uses a known exploit to send itself to all recipients in an infected user's Microsoft Outlook address book. It also has a payload that opens a Web site that contains pornographic contents.

IBM employee were instructed, "If you see this virus in your in-basket, you should delete it immediately. Do not open, detach or view." The last thing IBM wants, is their employees being seen as recommending, being sucked into, or viewing porno sites with an IBM.COM ISP id. IBM sees this as a likely embarrassment for the company.

Norton AntiVirus (NAV) is being updated to include the new virus. You can execute NAV with these steps: Click on Start (in Windows, lower-left-hand corner of your screen), then Programs, Norton AntiVirus and LiveUpdate - Norton AntiVirus.

According to the Symantec web site: Due to an increase in submissions, the Symantec Anti-Virus Research Center (SARC) has upgraded this worm from a Threat Rating of 3 to 4. The Size of the attachment is 2,436 bytes. VBS.VBSWG2.X@mm sends itself to all recipients in your Microsoft Outlook address book. The email message has the following characteristics:

Subject: Homepage
Message:
Hi!

You've got to see this page! It's really cool ;O)

Attachment: Homepage.HTML.vbs

Prior to mailing itself out, the worm searches for email messages with the Subject of Homepage; if found, it deletes them. After mailing, the worm creates the registry key

HKEY_CURRENT_USER\Software\An\mailed
and sets it equal to "1". The presence of this registry key prevents the worm from running the email routine more than once. The worm then randomly selects one of four pornographic Web pages and opens it.

To remove this worm:

Run LiveUpdate to make sure that you have the most recent virus definitions.
Start Norton AntiVirus (NAV), and run a full system scan, making sure that NAV is set to scan all files.
Delete any files detected as VBS.VBSWG2.X@mm.

It is not necessary to remove the registry key that the worm added.

Click here to comment on this story.

ARTS AND HUMANITIES

AUTOMOTIVE

BUSINESS TO BUSINESS
(Sales and Services)

COMPUTERS AND
THE INTERNET

CRIMES AND LEGAL

EDUCATION
Colleges/Universities,
k-12,

ENTERTAINMENT

FINANCIAL SERVICES
AND THE ECONOMY

FOOD
Dining,

GOVERNMENT
AND POLITICS
City Government,
Local Issues and Opinions,
Politics and
Political Groups,

HEALTH AND SAFETY

MISCELLANEOUS

NEWS AND MEDIA

PUBLIC EVENTS

REAL ESTATE,
RENTING, AND HOUSING

RECREATION
AND SPORTS

RETAIL

SOCIETY AND CULTURE

TRAVEL AND
TRANSPORTATION
Lodging,
Public Transportation,

WEATHER

Click here for full
navigation menu

LINKS

NEWS

We have had

visitors since August 23^rd, 2001.

Click Here to GO TO TOP OF PAGE.

Tracking

TOC