VBS.Pinprick@mm

From Symantec:

"VBS.Pinprick@mm is a mass-mailing worm that infects the .htm and .vbs files. This worm requires a MAPI-compliant email client, such as Microsoft Outlook, to propogate. The email will have a variable subject name and an attachment named Winhtm32.html.

Type: Worm
Infection Length: one file
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Macintosh, OS/2, UNIX, Linux


VBS.Pinprick@mm will arrive as the body of an email with one of the following subjects:

Nothing Special
Uninstall information
Password confirmation
Notice
Re:
Some news
Hello
MP3s
Just a reply
Email changes
Reminder
File backup
Webpage builder
Some documents
Jokes
Some notes
Backup data
New <word> where <word> is one of the following:
sign up
login
email
download
password
domain
document
spreadsheet
file
webpage
<word 1> <word 2>
where <word 1> is one of these:
Email
Business
Web
Confidential
Printer
Webpage
and <word 2> is one of the following:
passwords
files
documents
spreadsheets
folders
notes
tools
guides
scripts
summary
overview

Once VBS.Pinprick@mm is executed, it does the following:
Mails itself to all the contacts in your address book.


Copies itself as:
%Startup%Winwsh32.vbs (%startup% represents your startup folder such as C:WindowsStart MenuProgramsStartup on 9x systems)
%Windir%Login32.vbs
%Windir%Winmsgc.vbe
%System%Winmsgc32.vbs
%System%Winmsgc.vbe


Appends itself to all the .vbs, .htm and .html files on the local and mapped drives.

Due to bugs in the worm, it may not always be able to correctly attach itself to email messages."


Get more information Here: http://www.symantec.com/avcenter/

Regards, Jade.