The VBMania Virus
Just when we were thinking that “all is quiet on the virus and worm front,” a new virus started spreading rapidly yesterday. Dubbed the VBMania virus by McAfee, this virus arrives in email with a subject line of “Here you have.” Interestingly, this is the same subject line as the Anna Kournikova worm that surfaced years ago had. The body of the message says something to the effect of “Hello… this is the document I told you about, you can find it here” and contains a link to a Web page hosted on members.multimania,co.uk. If an unsuspecting user clicks on this link, what appears to be a screensaver file with an .scr extension is downloaded to the user’s machine. The file is the virus code, however. Once the virus infects a system, it uses the Outlook address book to mail itself to addresses therein, although there is evidence that the virus also mails itself to other addresses.
Initially, the worm initially spread very rapidly, clogging Internet gateways in various parts of the world. US government agencies have been hit particularly hard. The worm has since slowed down considerably since yesterday; configuring mail servers to block messages with .scr files as attachments stops the spread of this virus.
What is particularly interesting about the VBMania virus is that mass mailing viruses have for all practical purposes disappeared over the last five years of so. We have seen ILoveYou, Anna Kourikova, and other mass-mailing viruses come and go, but lately malware of this nature has become extinct. Let’s face it–computer criminals want to make money, and you can’t make much money by releasing malware that is easily noticed and does nothing more than infect systems. So just as the Conficker worm showed us that worms are by no means dead, VBMania has shown us that mass-mailing viruses are also still very much alive and well.
What amazes me is how successful VBMania has been within US government agencies despite all the money and effort they have spent on training and awareness activity. One would think that users would hesitate to click on URLs sent in messages, but apparently this is not true. But the US government will never lead the way when it comes to security. Unbelievably, the two people charged with rewriting the Department of Energy’s cybersecurity policies do not even have a background in cybersecurity, nor do they have even have a single information security professional certification between them! And there are similar stories in other departments and agencies. So if I were a better person, I’d bet that VBMania is not the last virus that will spread profusely within the US government. The late Harvard professor George Santayana once said: “Those who do not learn from history are doomed to repeat it.” Apparently US government departments and agencies are not learning from history…