A new variant of the Melissa virus, called VBS.Monopoly and specifically targeting Microsoft CEO Bill Gates, has been posted to virus list sites and is purported to be spreading across networks.
VBS.Monopoly spreads using the MS Outlook client, but unlike Melissa it is written in Visual Basic Script rather than as an MS Office macro, according to ThunderStore, an antivirus company in the Netherlands, which posted an alert regarding the virus.
Supposedly spreading through e-mail, an infected message contains the subject line "Bill Gates joke", the message "Bill Gates is guilty of monopoly. Here is the proof. ;-)", and an image of Gates' face on a monopoly board. Like Melissa, the virus will then send itself to all addresses in the Outlook address book.
VBS.Monopoly will also send another message to several public mailboxes at firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com and firstname.lastname@example.org. In this message, the virus will send a list of names and addresses from the Outlook address book, as well as information from the infected user's computer. The virus also modifies the system registry so that the information will not be sent again if a client is re-infected.
When the e-mail attachment Monopoly.vbs is activated by users, it creates the image file monopoly.jpg in a temporary folder, as well as a monopoly.wsh file and monopoly.vbe. The VBE file contains an encrypted VBScript and is executed with the WSH file, according to ThunderStore.
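The subject line and attachment name reported above can be checked at a mail gateway before a message reaches Outlook. The following is an added example, not code from ThunderStore or NAI: the function names, the finding labels and the choice to flag every .vbs, .vbe and .wsh attachment are assumptions of the example, and the sample message is constructed with an inert attachment body.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted in the article.
SUBJECT = "bill gates joke"
ATTACHMENT = "monopoly.vbs"
# Assumption of this example: treat every Windows Script Host file type the
# article mentions (.vbs, .vbe, .wsh) as blockable at the gateway.
SCRIPT_EXTS = {".vbs", ".vbe", ".wsh"}


def triage(raw: bytes) -> list[str]:
    """Return the indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject
    # cannot slip past the comparison.
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    if SUBJECT in subject:
        findings.append("subject-match")
    for part in msg.walk():
        # Windows ignores trailing dots and spaces in file names.
        name = (part.get_filename() or "").strip().rstrip(". ").lower()
        if not name:
            continue
        if name == ATTACHMENT:
            findings.append("named-attachment")
        # Only the last extension decides what runs: photo.jpg.vbe is a script.
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in SCRIPT_EXTS:
            findings.append("script-attachment:" + name)
    return findings


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; the attachment body is inert placeholder text."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("Bill Gates is guilty of monopoly. Here is the proof. ;-)")
    m.add_attachment(b"' constructed placeholder, not a real script\r\n",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("Bill Gates joke", "Monopoly.vbs")))
```

An empty list means none of the article's indicators were present; any non-empty result is a reason to quarantine the message for review.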
Not all antivirus vendors are overly worried about VBS.Monopoly, however, as they have not yet received any reports of infections from their users, or any indication that the virus is "in the wild" and rampant among systems.
"This is interesting because of the payload, showing Bill Gates on the monopoly board, but it's not in the wild," said Sal Viveros, group marketing manager for Total Virus Defense at Network Associates (NAI). "A competitor sent out an alert on it even though it wasn't in the wild, and they kind of jumped the gun. We have it at a low risk assessment."
NAI does admit that, as more malicious individuals become aware of VBS.Monopoly's existence, it may go on to infect networks.
"We do have it on our watch list of viruses that may become an issue," said Viveros. "As always, we recommend that customers get their anti-virus software updated."