New Virus --> VBS/Britney-A

Check out the details at silicon.com here:
http://www.silicon.com/public/door?REQUNIQ=1014930316&6004REQEVENT=&REQINT1=51686

 

Quote from the article:

 

In other recent news, virus researchers indicate it MAY ACTUALLY be a BAD idea to open e-mails claiming "open me - free pictures if you enable a very unsafe part of your operating system".  

 

Sophos virus article:

(from here: http://www.sophos.com/virusinfo/articles/britney.html

 

Sophos virus bulletin:

 

VBS/Britney-A

Name: VBS/Britney-A
Aliases: VBS/Breetnee, VBS/BritneyPic@MM, worm/BritneyPic
Type: Visual Basic Script worm
Date: 28 February 2002


At the time of writing Sophos has received just one report of this worm from the wild.

Description:

VBS/Britney-A is a mass-mailing worm which spreads via both Microsoft Outlook and IRC networks. It copies itself to BRITNEY.CHM in the Windows folder and then emails itself to all  addresses in the Outlook address list. The emails will have the following characteristics:

Subject Line: RE: Britney Pics
Body Text: Take a look at these pics ...
Attachment: BRITNEY.CHM

The worm requires ActiveX to be enabled for the VBS to run and so it prompts the user to enable ActiveX with the message "Enable ActiveX To See Britny Pictures".

VBS/Britney-A searches the C:, D: and E: drives for the presence of a file called MIRC.INI. If it finds a file of this name then the worm creates a SCRIPT.INI file which will then attempt to send copies of the files to other IRC users.

SCRIPT.INI will be detected by Sophos Anti-Virus as
mIRC/Simp-Fam.


Read the analysis at
http://www.sophos.com/virusinfo/analyses/vbsbritneya.html

 

Wow...same post, same time.

Scary...

 

Well I sure feel educated after reading all that! A simple link may have sufficed but nevertheless, as a "fascinated father" myself, I'm glad to have this advanced warning.

 

Hey JC,

Yep, same time  
I just wanted to delete my posting after I saw yours, but was too late  
Thanks for posting Javacool  

 

My friend got it!!!! He didn't open it (lucky he, ha). What concerns me is the fact that NOD32 doesn’t detect it (He has NOD32 for AV protection).

I told him that Eest will probably have update tomorrow or day after tomorrow... Isn't little late  

Technodrome

 

My system is, and always has been, completely, 100% immune from viruses like the above.  What software do I use to gain this protection?  None.  I simply couldn't give a sh*t about Britney so I'd never get past the subject line.

 

Hi all,
Excuse my ignorance, as i did not follow the developments of NOD32, which i thought to be about the best AV program, so why would it be supposed to catch worms?
As it's a VBS i'd suppose it will be stopped from running by your worm or vbs blocker/protection as well.
Just a question, not interested in Britney either.

 

Hi Paul

I think it's covered by today’s release. (As I thought)  

Technodrome