The worm has been found in both English and Spanish-language versions and arrives in email inboxes with a subject line that reads "Anthrax" or "Antrax," according to both Kaspersky Labs and Symantec.
Included is an attachment called Antraxinfo.vbs or Antraxjpg.vbs that the message says is a picture of "the results" of Anthrax, but is actually a .VBS (Visual Basic Script) file used to execute the worm, the companies said.
When a user double clicks on the file, the worms attempts to overwrite all system files ending in .VBS and .VBE, as well as send itself to all addresses listed in the system's Outlook address book. It may also attempt to overwrite a Script.INI file used by chat clients, Symantec said.
However, because of a flaw in the way the worm is written, the worm fails to spread as intended.
The worm's email message reads: "If you don't know what antrax [sic] is or what the results of it are, please see the attached picture so that you can see the results that it has. Note: the picture might be too strong."
The design of the worm's message attempts to play upon heightened public awareness about anthrax after the disease has infected several people in the US.