Bride of Funlove virus getting around

A new e-mail worm circulating on the Internet is capable of spreading a variant of the FunLove virus to vulnerable machines running Microsoft Corp.'s Windows operating system, according to statements released by three security companies.

The new worm, named W32/Braid.A or I-Worm.Bridex, arrives in an e-mail message without a subject and is contained in an attachment named README.EXE.

When recipients double-click on the attachment, the worm copies a variant of the FunLove virus to the local system with the name BRIDE.EXE, alters the machine's system registry so that the virus is re-launched each time Windows starts, scans the user's Outlook address book and e-mails copies of itself to any addresses it finds.

By taking advantage of a known IFRAME vulnerability in Microsoft's Outlook, Outlook Express and Internet Explorer products, the new worm may be launched without user interaction, according to an alert posted by antivirus software maker Sophos PLC.
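A mail-gateway check for the delivery traits described above (no subject, an attachment named README.EXE, an IFRAME in the HTML body), as an added example that is not from the article or from any of the vendors it cites. The function names, the sample messages and the two-trait threshold are assumptions made for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

IFRAME_RE = re.compile(r"<\s*iframe\b", re.IGNORECASE)

def braid_indicators(raw: bytes) -> list:
    """Return the article's delivery traits found in one raw e-mail message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if not (msg["Subject"] or "").strip():
        hits.append("no-subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().upper()
        if name == "README.EXE":
            hits.append("readme-exe-attachment")
        elif part.get_content_type() == "text/html":
            if IFRAME_RE.search(part.get_content()):
                hits.append("iframe-in-html-body")
    return hits

def is_suspect(raw: bytes) -> bool:
    # Assumed threshold: the named attachment plus at least one other trait.
    hits = braid_indicators(raw)
    return "readme-exe-attachment" in hits and len(hits) >= 2

def build_sample(subject, html, attachment_name=None) -> bytes:
    """Construct a test message; nothing here is a captured worm sample."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "rcpt@example.com"
    if subject is not None:
        m["Subject"] = subject
    m.set_content("plain-text body")
    m.add_alternative(html, subtype="html")
    if attachment_name:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

SUSPECT = build_sample(None, '<html><iframe src="about:blank"></iframe></html>', "readme.exe")
BENIGN = build_sample("Install notes", "<html><p>See attached.</p></html>", "README.TXT")

if __name__ == "__main__":
    for label, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, braid_indicators(raw), is_suspect(raw))
```

The attachment name is compared case-insensitively, and a lone README.EXE with a normal subject and no IFRAME is reported as an indicator but not escalated.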

Microsoft issued a patch -- Microsoft Security Bulletin MS01-020 -- in 2001 which secures against these attacks, according to Chris Wraight, a technology consultant at Sophos. The patch can be downloaded from Microsoft's Web site (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp).

Originally discovered in November 1999, FunLove is an e-mail worm that infects Windows portable executable files. The worm is capable of infecting executable files on the machine it infects, then spreading to corrupt executable files on machines on a local- or wide-area network. Opening any corrupted executable will launch a copy of the virus.

Like the original FunLove worm, the Bride variant does not appear to steal information from the machines it infects, though the worm does include information on an infected user's Windows software version and the Windows serial number in the body of e-mail messages it uses to spread itself, according to an alert posted by security company F-Secure Corp. of Helsinki.

The new worm is not known to have infected any machines, and appears to be an unsophisticated copy of the original FunLove worm, according to Wraight.

"On a scale of one to ten, I'd rate it a two," Wraight said.

Braid.A/Bridex is also notable for its use of tricks -- often referred to as "social engineering" -- to get potential victims to launch the worm. For example, the properties of the README.EXE file containing the virus identify the source of the file as "Anti Virus World System" from "Trend Microsoft Inc.," according to an alert published by Computer Associates International Inc. "Trend Microsoft" is an amalgamation of antivirus software company Trend Micro Inc. and Microsoft.

To remove the Braid.A/Bridex worm, security companies recommend deleting all affected files from the infected machine and running antivirus software equipped to disinfect the FunLove virus. The Windows operating system may also need to be reinstalled to restore system files corrupted by the worm, according to Wraight.


Paul Roberts

PC World