Virus writers get clever as Microsoft issues second security patch in fortnight

A virus author has found a novel way to get people to open his worm, by disguising it as a virus warning.

The worm - VBX.Hard.A&mm - has arrived in e-mail inboxes disguised as a virus alert from Symantec. Like the recent Homepage worm, it is written in Visual Basic Script and spreads through Outlook Express.

When users double click on the attachment, their default Web page is changed to a fake Symantec information page. The worm then sends itself to everyone in the infected PC's e-mail address book. It creates a dialogue box set to appear on 24 November that reads: "Don't look surprised! It is only a warning about your stupidity. Take care!"

The worm has made little impact because the original e-mail was sent to members of the discussion group alt.comp.virus, which includes security specialists, said George Cluley, senior technology consultant at Sophos Anti-Virus.

"The e-mail and the bogus page were crafty, but most people in the group were prepared for it. We've only received half a dozen reports worldwide, compared to 250 for Homepage," he said.

Meanwhile, Microsoft urged users of its Internet Information Services (IIS) software to install another patch, the second in two weeks.

The warning came a fortnight after Microsoft admitted an "extremely serious" flaw in an extension of Windows 2000 could allow attackers to gain control of computers running IIS 5.0.

Released yesterday, the latest patch corrects errors made in a trio of earlier patches for the Web server package, two from March and one that became available last August.

The patch also fixes three newly discovered security holes, said Microsoft. One flaw could allow an attacker to execute operating system commands or programs. Another could be used to launch denial-of-service attacks against the File Transfer Protocol service, and the third could enable a hacker to access guest user accounts.

Chris Mugan
