Simple Worms Make Great Strides


A worm that debuted Tuesday had quickly climbed the malware chart to the number three spot by Wednesday, a Finnish security company said.

With a variety of names -- F-Secure calls it VB.bi, Symantec dubs it Blackmal.e, McAfee labels it MyWife.d -- the worm, said Helsinki-based F-Secure, is a simple Visual Basic (VB) construction that arrives as an e-mail file attachment. The worm also spreads through shared folders, and when activated tries to disable a number of security programs, including those sold by Symantec, McAfee, Trend Micro, and Kaspersky Labs.

One of its distinguishing features, noted the Internet Storm Center (ISC) in its alert is that "the attachment can be either an executable file or a MIME file that contains an executable file."

The latter tactic is meant to conceal the payload's danger; the MIME format is rarely used by attackers. One of the last great MIME-based attacks was the Nimda worm of 2001.

Blackmal.e/VB.bit/MyWife.d shoved its way into the third spot on F-Secure's updated virus list, and accounted for more than 11 percent of all malicious code the company intercepted in the last 24 hours. Only a pair of Mytob worms were more prevalent.

Symantec, which tagged the worm with a "2" in its 1 through 5 threat scale, has posted a free-of-charge removal tool on its Web site that deletes all traces of the malware.