A new worm, called Hard.A, has been discovered that arrives in a spoofed email and appears to be a message from Symantec, a leading antivirus software vendor. The message subject reads "Symantec Anti-Virus Warning," and the message itself contains a file attachment (www.symantec.com.vbs) that, among other things, triggers the worm each November 24. Once triggered, the worm displays a message that reads, "Don't look surprised! It is only a warning about your stupidity. Take Care!"
According to Symantec, the worm was first discovered May 12 and has not spread yet beyond 50 systems. The attacker designed the infectious email message to look like a virus warning that a Symantec developer issued. The bogus warning tells users of a nonexistent worm called "VBS.AmericanHistoryX_II@mm." Once the user triggers the worm by opening the attachment, the worm creates and loads a fake Symantec Web into the user's Web browser each time the user launches the browser. The worm spreads itself to other users by sending copies to everyone listed in the user's Outlook Address Book.
Fortunately, the worm doesn't destroy system files; however, Symantec expects the worm to spread fast. Nonetheless, the company said that removing the worm is a simple process: The user deletes any files and registry entries that the worm creates, and resets the Internet Explorer (IE) default start page.
