VBS.SST@mm is a VBS email worm that has been encoded using a virus creation kit. This worm arrives as an attachment named AnnaKournikova.jpg.vbs. When executed, the worm emails itself to everyone in your Microsoft Outlook address book. On January 26, the worm will attempt to direct your Web browser to an Internet address in The Netherlands, from where the worm appears to have originated.
The following information is for network administrators of
corporate versions of Norton AntiVirus.
For corporate users, Symantec Technical Support recommends the following
- Make sure virus definitions are most current.
- Delete the email. Do not open the attachment.
- Disable Windows Scripting to prevent VBS files, such as AnnaKournikova.JPEG.VBS, from executing. Filter attachments with a VBS extension.
- Microsoft Exchange 2000 in VAPI mode can strip attachments by extension. Contact Microsoft for further information.
- Microsoft Exchange Server also provides the ExMerge utility, which can be used to purge the Information Store of messages with a specified subject or attachment name. This can be very useful during a virus crisis. For more information, please see the following Microsoft Articles:
- Outlook 2000 with the latest security update will not execute VBS attachments. Contact Microsoft for further information.
- Norton AntiVirus for Microsoft Exchange (NAVMSE) can block attachments by extension when in VAPI mode. Make sure NAVMSE is at a current build. The following Symantec's Knowledge Base documents may be helpful:
- Norton AntiVirus for Email Gateways 2.0 installed, attachments with VBS extensions can be blocked. See the Administrator's Guide for details. The following Symantec Knowledge Base document may also be helpful:
- Norton AntiVirus for Firewalls 1.5 installed, attachments with VBS extensions can sometimes be blocked. See the Administrator's Guide for details. There are unknown environmental factors that prevent some installations from blocking VBS files. If it works at your site, it will work reliably. If VBS blocking does not work at your site, it will not work at all.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
