The worm, also called Mawanella, first appeared early Thursday morning, according to Vincent Gullotto, senior director of Avert Labs, the anti-virus response division of anti-virus firm McAfee. The worm is related to the Homepage and Anna Kournikova worms that hit computers worldwide early in May and in February, respectively, and was likely created with the same worm-writing kit.
Mawanella is a VBS worm, written in Microsoft's Visual Basic script, that uses Microsoft's Outlook Express e-mail client to spread itself. The worm appears as an e-mail with the subject line "Mawanella" and an attachment called Mawanella.vbs. When the attachment is double-clicked, the e-mail is sent to all recipients listed in Outlook's address book. A window also pops up on the screen that depicts, using parentheses and slashes, a burning house. Beneath the picture, text reads:
"Mawanella is one of the Sri Lanka's Muslim village. This brutal incident happened here 2 Muslim Mosques and 100 shops are burnt. I hat this incident, What about you? I can destroy your computer I didn't do that because I am a peace-loving citizen."
If the worm is unable to resend itself using Outlook, another message pops up asking the user to "Please Forward this to everyone," according to an alert sent out by anti-virus company Central Command.
The worm is only medium risk, according to Gullotto, because it is not destructive but could spread quickly. Such mass e-mailers have the potential to overwhelm and crash corporate e-mail servers.
This worm functions in the same way and appears similar to other recent worms and thus "most people should realise what it is and that they shouldn't open it," Gullotto said.
The worm, however, does get opened and spread within companies despite filters that block .VBS attachments, because many people have Yahoo or Hotmail e-mail accounts that they check at work, he said. Opening attachments from these accounts can also infect systems, he said.
McAfee anti-virus definitions have been released to cover Mawanella, he said.