Bride of Funlove virus getting around

A new e-mail worm circulating on the Internet is capable of spreading a variant of the FunLove virus to vulnerable machines running Microsoft Corp.'s Windows operating system, according to statements released by three security companies.

The new worm, named W32/Braid.A or I-Worm.Bridex, arrives in an e-mail message without a subject and is contained in an attachment named README.EXE.

When recipients double click on the attachment, the worm copies a variant of the FunLove virus to the local system with the name BRIDE.EXE, alters the machine's system registry so that the virus is re-launched each time Windows starts, scans the user's Outlook address book and e-mails copies of itself to any addresses it finds.

By taking advantage of a known IFRAME vulnerability in Microsoft's Outlook, Outlook Express and Internet Explorer products, the new worm may be launched without user interaction, according to an alert posted by antivirus software maker Sophos PLC.

Microsoft issued a patch -- Microsoft Security Bulletin MS01-020 -- in 2001 which secures against these attacks, according to Chris Wraight, a technology consultant at Sophos. The patch can be downloaded from Microsoft's Web site. (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp)

Originally discovered in November 1999, FunLove is an e-mail worm that infects Windows portable executable files. The worm is capable of infecting executable files on the machine it infects, then spreading it to corrupt executable files in machines on a local- or wide area network. Opening any corrupted executable will launch a copy of the virus.

Like the original FunLove worm, the Bride variant does not appear to steal information from the machines it infects, though the worm does include information on an infected user's Windows software version and the Windows serial number in the body of e-mail messages it uses to spread itself, according to an alert posted by security company F-Secure Corp. of Helsinki.

The new worm is not known to have infected any machines, and appears to be an unsophisticated copy of the original FunLove worm, according to Wraight.

"On a scale of one to ten, I'd rate it a two," Wraight said.

Braid.A/Bridex is also notable for its use of tricks -- often referred to as "social engineering" -- to get potential victims to launch the worm. For example, the properties of the README.EXE file containing the virus identify the source of the file as "Anti Virus World System" from "Trend Microsoft Inc." according to an alert published by Computer Associates International Inc. "Trend Microsoft" is an amalgamation of antivirus software company Trend Micro Inc. and Microsoft.

To remove the Braid.A/Bridex worm, security companies recommend deleting all affected files from the infected machine and running antivirus software equipped to disinfect the FunLove virus. The Windows operating system may also need to be reinstalled to restore system files corrupted by the worm, according to Wraight.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

PC World
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?