Low-risk Internet worm making the rounds
- — 23 November, 2000 10:11
The Trojan horse program, which is hidden in an HTML (hypertext markup language) format e-mail message, carries two attached files that are executed automatically when an infected message is opened on PCs running Microsoft's Windows operating system and e-mail client software such as Outlook.
Unlike the ILOVEYOU Trojan horse program which carried a destructive load that created havoc throughout the world in May, Romeo and Juliet is not spreading very quickly and does not contain a critically-dangerous payload. It has been given a low-risk rating by leading antivirus companies including Computer Associates, F-Secure, Network Associates's McAfee AVERT (Anti-Virus Emergency Response Team) unit and Trend Micro.
Romeo and Juliet, also known as Verona or BleBla, arrives in an e-mail message with one of the following subject lines:
"Romeo&Juliet," ":))))))," "hello world," "!!??!?!?," "subject," "ble bla, bee," "I Love You ;)," "sorry...," "Hey you !," "Matrix has you...," "my picture" or "from shake-beer."
When the e-mail message is opened, Windows automatically activates a script that allows the program to drop the attached MyJuliet.chm file which then executes the other attached file, called MyRomeo.exe, that is capable of spreading itself to all e-mail addresses listed in the Windows Address Book via six SMTP (simple mail transfer protocol) servers located in Poland, where the virus was first discovered on 16 November.
More information about Romeo and Juliet, and protection advice, can be found on the antivirus companies' Web sites:
Computer Associates: http://www.cai.com/F-Secure: http://www.f-secure.com/Network Associates: http://www.nai.com/Trend Micro: http://www.antivirus.com/.