A new virus called Flea is on the loose. The Visual Basic Script worm disguises itself as the ‘signature file’ in HTML-formatted mail. Flea can execute automatically when users open HTML formatted emails in Microsoft Outlook or Outlook Express. Unlike most Windows nasties, the bug does not depend on a user opening an infectious file to do its mischief, Finnish AV vendor F-Secure warns. When an infected HTML email is rendered a webpage is loaded. This page contains JavaScript which in turn loads another webpage containing the VB Script which drops a file (C***.HTM) in the Windows folder. This file is also set to the signature of Outlook Express, furthering the spread of the worm. Flea changes Internet Explorer settings on infected machines as explained in F-Secure’s advisory . Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.