Details:
Name: Worm/BritneyPic
Alias:
Type: Internet Worm
Discovered: 2502-2002
Size: ~11KB
ITW: No
Description:
Worm/BritneyPic is an Internet worm that spreads through email by using addresses it collects in the Microsoft Outlook Address Book, as well as, through mIRC. It arrives as a compiled HTML file, britney.chm, claiming to have free pictures of Britney.
Even if you don't use Outlook or OE you can still get this worm if you answer yes to the Active X warning. Read on to get more info. OE and
Outlook are only one component of this VBS scripting worm.
The worm is BRAND NEW so continue to check for updates at your software vendor's web site. I checked all sites and there are NO current updates for this worm. So this is your advanced warning.
The worm arrives through email in the following format:
Subject: RE: Britney Pics
Body: Take a look at these pics ...
Regards,
Attachment: Britney.chm
If executed, the worm displays the following:
Because it utilizes Active X around its Script to execute, the following Internet Explorer message is displayed asking the user if they want to run it.
If the user chooses "Yes", it then copies itself in the \windows\directory under the filename "Britney.chm". Additionally, the file "Script.ini" gets added in the \Mirc\ directory if installed.
There are other parts to this worm but to save on the techno lingo the above should cover enough info so you can be protected. The worm may or may not be in the Wild, but with the nature of the way the worm entices a user I can pretty much bet that it will be in the Wild soon. Check your email in the morning as people get to work. That is usually how the viruses spread.
If you have Zone Alarm activated and the scan for VBS files it MAY catch this worm and change the icon to a ZA icon. Just delete the message, same
as if you got the regular file. You can download Zone Alarm a free firewall at:
http://www.zonealarm.com