high
Summary
Summary
Action- More Information
| Detected by | All Sophos products |
|---|---|
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Verona is an email-aware worm.
The worm arrives in an infected email, with two attached files: MYJULIET.CHM and MYROMEO.EXE.
When the email is viewed using Microsoft Outlook the attachments are automatically saved to c:\windows\temp and a script embedded in the email body is run to view MYJULIET.CHM using the Windows Help browser. This in turn causes MYROMEO.EXE to be executed.
The MYROMEO.EXE program attempts to use a list of six SMTP servers to forward itself to addresses in your Microsoft Outlook address book. The subject line of the email it sends is randomly chosen from the following:
"Romeo&Juliet"
":))))))"
"hello world"
"!!??!?!?"
"subject"
"ble bla, bee"
"I Love You :)"
"sorry..."
"Hey you !"
"Matrix has you..."
"my picture"
"from shake-beer"
This virus relies on a security vulnerability in Microsoft Outlook and Outlook Express to work. Microsoft has released a patch that eliminates the vulnerability. For further information and to download a patch please read Microsoft Security Bulletin (MS00-046).
|
