Flea bugs Windows users
VBS malware on the loose
A new virus called Flea is on the loose. The Visual Basic Script worm disguises itself as the ‘signature file’ in HTML-formatted mail.
Flea can execute automatically when users open HTML formatted emails in Microsoft Outlook or Outlook Express. Unlike most Windows nasties, the bug does not depend on a user opening an infectious file to do its mischief, Finnish AV vendor F-Secure warns.
This file is also set to the signature of Outlook Express, furthering the spread of the worm. Flea changes Internet Explorer settings on infected machines as explained in F-Secure's advisory .
To hide itself and to make analysis more difficult, Flea uses several encryption layers.
F-Secure has received "multiple reports of this worm from Asia and Europe". Rival AV vendors give Flea a much lower risk rating.
AV vendor Sophos, for example, has so far received just one report of this worm in the wild.
Vendors have updated signature definition files to detect Flea, which once again highlights the security risks of using Microsoft email clients in default configurations. ®