A new worm has been discovered this week which not only emails itself to all email addresses in Microsoft Outlook's address book, but also uses IRC and AOL Instant Messenger (AIM) to spread itself.
A Symantec New Zealand spokesperson says the W32.Aphex@mm worm reflects the latest trend where virus writers are using a combination of instant messaging and social engineering to spread viruses (see Gibe virus makes use of smart social engineering, New email worm selects native language for recipients and MyParty virus has probably done its dash).
The Symantec Security Response has given the worm a two rating on a scale of five. It is not a widespread threat, but Symantec advises users download the most up-to-date virus definitions available.
The worm is also known as W32.Aplore@mm and Bloodhound.VBS.Worm.
When received in Outlook, the email consists of the following (the subject and message each contain only a full-stop):
Once the attachment is run, the local machine is infected. The worm waits for users to connect to AIM and sends a one-line message to AIM contacts (such as "Have you seen", "try this" or "this is cool).
McAfee rates the worm as low risk. It says that when run, the worm creates a VBScript file, "%SysDir%\Email.vbs", that sends itself to all users in the Outlook address book and closes the Outlook application, and then deletes the script.