According to Computer Associates, the new Spammer.A worm is even more destrucive than the recent ILOVEYOU worm.
Spammer.A - which also goes by the names VBS.NewLove.A, VBS.Loveletter.FW, VBS.Spammer.A, Spammer and Newlove - arrives as an attachment to a message that has the subject 'FW:' followed by 'xxxx.yyy.Vbs' where xxxx is the filename of a recently used file on the system and yyy could be Doc, Xls, Mdb, Bmp, Mp3, Txt, Jpg, Gif, Mov, Url, Htm or Txt.
The worm sends itself to all entries in the users Microsoft Outlook address book potentially causing Internet and corporate network bottlenecks as well as mail server overload. The worm also makes the computer inoperable by renaming files on the hard drive and connected network drives and setting the file size to zero.
Each time the worm spreads it mutates, inserting into it's own code random comment lines.
Computer Associates had not heard of any Australian firms infected by the virus as of Friday night, claimed Marketing Manager David Sanday. However, given that the majority of corporate Australia had logged off from email not long after the virus was first reported, Australian companies are at greatest risk of virus infection outbreaks when employees return to work on Monday morning.
Other anti-virus software company's rate the new virus as a significant threat. Symantec define the damage and distribution threat as high and the wildness of the virus medium. McAfee describe it as a high-risk worm.
Trend Micro describe the worm as extremely destructive but have downgraded the risk from high to medium as they believe the outbreak has been contained. They do however recommend updating virus definition files to avoid infection.
Email users should delete attachments with VBS extensions without launching. Network administrators should block VBS attachments from passing through gateway servers. Updates to handle Spammer.A in leading anti-virus software packages have been released and it is recommended users apply the updates.