Anthrax Spreading on the Internet?
Page 1 of 1
Security firms Tuesday warned that two worms have been discovered in the wild that attempt to play on recipients' fears concerning Anthrax. However, the firms also gave the worms a low threat assessment, noting that fatal bugs keep either worm from propagating successfully.
The e-mails that deliver the worms are both written in Spanish, and were created using the "VBSWG" virus generator that has been used to create other script-viruses in the "Lee" family of viruses, including the wide-spread Anna Kournikova worm. The e-mails arrive with the subjects "Informacion Sobre El Antrax," or "Antrax Info."
Russian security firm Kaspersky Labs said both worms can be delivered to computers via IRC channels (possibly under the client names mIRC or pIRCh), and that in all cases the infected files have the names ANTRAXINFO.VBS or ANTRAX.JPG.VBS.
Symantec said the body of one of the e-mails, in translation, says, "If you don't know what anthrax is or what the results of it are, please see the attached picture so that you can see the results that it has. Note: the picture might be too strong."
"Detailed analysis of the worm's code has revealed that fatal bugs keep both worms from propagating successfully," said Denis Zenkin of Kaspersky Labs. "However, it is highly possible that similar worms, with a more capable malicious program posing as the aforementioned subject, could appear in the future. Due to this fact, Kaspersky Labs recommends that users not open any attached files in which "anthrax" (or, "antrax" in Spanish) is mentioned."