1. /
  2. Security Response/
  3. VBS.San@m

VBS.San@m

Risk Level 1: Very Low

Discovered:
February 13, 2001
Updated:
February 13, 2007 11:34:49 AM
Also Known As:
VBS/San@m
Type:
Worm

VBS.San@m is a script worm which spreads through email. The worm utilizes a known Microsoft Outlook Express security hole (Scriptlet.TypeLib) so that a viral file is created on the system without having to run any attachment. Simply reading the received email message causes the virus to be placed on the system. Microsoft has patched this security hole. The patch is available at:

http://www.microsoft.com/technet/ie/tools/scrpteye.asp

If you have a patched version of Outlook Express, this worm will not work automatically.

The worm copies itself into the StartUp folder and sets itself as the default signature for Microsoft Outlook Express. It also modifies the default start page for Internet Explorer to connect to a Web site that contains another worm, VBS.Valentin@mm.

Antivirus Protection Dates

  • Initial Rapid Release version February 13, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version February 13, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: Medium
Writeup By: Brian Ewell

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver