Flea bugs Windows users

VBS malware on the loose

A new virus called Flea is on the loose. The Visual Basic Script worm disguises itself as the ‘signature file’ in HTML-formatted mail.

Flea can execute automatically when users open HTML formatted emails in Microsoft Outlook or Outlook Express. Unlike most Windows nasties, the bug does not depend on a user opening an infectious file to do its mischief, Finnish AV vendor F-Secure warns.

When an infected HTML email is rendered a webpage is loaded. This page contains JavaScript which in turn loads another webpage containing the VB Script which drops a file (C***.HTM) in the Windows folder.

This file is also set to the signature of Outlook Express, furthering the spread of the worm. Flea changes Internet Explorer settings on infected machines as explained in F-Secure's advisory .

To hide itself and to make analysis more difficult, Flea uses several encryption layers.

F-Secure has received "multiple reports of this worm from Asia and Europe". Rival AV vendors give Flea a much lower risk rating.

AV vendor Sophos, for example, has so far received just one report of this worm in the wild.

Vendors have updated signature definition files to detect Flea, which once again highlights the security risks of using Microsoft email clients in default configurations. ®

Sponsored: 10 ways wire data helps conquer IT complexity