Vierika Worm Discovered in the Wild

F-Secure issued a warning about a newly discovered worm called Vierika, which is written in Visual Basic (VB). The worm lowers the security settings of Microsoft Internet Explorer (IE) browsers and changes the browser's start page to a Web page in Italy. The page in Italy is visually blank except for a hit counter and a line of text that reads, "The Matrix is Control." However, the page contains code embedded into the HTML that executes on a user's system when IE connects to the page with low security settings. The code mails a copy of the worm to everyone listed in Outlook's address book.

The Vierika worm arrives in a message with a subject of "Vierika is here." The message is empty except for a file attachment called vierika.jpg.vbs. The worm relies on a quirk of older versions of Outlook, which display only the first filename extension. For example, affected users might see a file attachment called vierika.jpg instead of vierika.jpg.vbs. In such a case, users might think the file is a harmless .jpg image because Outlook did not display the remaining .vbs file extension. If the user opens the file, the VB code executes, thereby infecting the system.
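A mail gateway or triage script can catch this double-extension trick by checking the real (last) extension of each attachment against the one a user would see. The following Python sketch is an added example, not code from F-Secure or the article; the extension lists and function names are assumptions, and the sample message is constructed from the article's description with a placeholder body.

```python
import email
from email import policy

# Extensions Windows runs or hands to a script host (assumed list, not from the article).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
                   "exe", "scr", "pif", "bat", "cmd", "com", "lnk"}
# Extensions users tend to read as harmless documents or media (assumed list).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf", "mp3", "avi"}

def is_deceptive_name(filename):
    """True when the last extension is executable and the one before it looks benign."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return False  # a single extension is not the decoy pattern checked here
    # Padding such as "photo.jpg   .vbs" is also stripped from each piece.
    real, shown = parts[-1].strip(), parts[-2].strip()
    return real in EXECUTABLE_EXTS and shown in DECOY_EXTS

def flag_attachments(raw_message):
    """Return attachment filenames in a raw message that use a decoy double extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()  # also decodes RFC 2231 / RFC 2047 encoded names
        if name and is_deceptive_name(name):
            flagged.append(name)
    return flagged

# Constructed sample message; attachment bodies are placeholders, not worm code.
SAMPLE = (
    b"Subject: Vierika is here\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\n\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="vierika.jpg.vbs"\r\n\r\n'
    b"placeholder\r\n"
    b"--b1\r\n"
    b"Content-Type: image/jpeg\r\n"
    b'Content-Disposition: attachment; filename="holiday.jpg"\r\n\r\n'
    b"placeholder\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    print(flag_attachments(SAMPLE))
```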

F-Secure added Vierika protection to its F-Secure Anti-Virus solution on March 5. Readers should contact the antivirus vendor of their choice to receive the latest antivirus updates.
