VBS.Postcard@mm

This virus is a polymorphic Visual Basic Script (VBS), which is stored in HTML files or as a separate VBS file. It is both an email worm and a Trojan horse. When executed, the worm emails itself to everyone in your Microsoft Outlook address book. It infects files in the \Windows, \Windows\System, and \Temp folders that have .html, .htm, .shtml, or .asp extensions

It also replicates itself to \Temp folders of mapped network drives. The virus changes Internet Explorer security settings, and changes the default start page to the infected HTML page. It opens WordPad and enters text on the opened document. The script is also designed to block the keyboard and the mouse.

Protection

• Initial Rapid Release version March 9, 2001
• Latest Rapid Release version March 9, 2001
• Initial Daily Certified version March 9, 2001
• Latest Daily Certified version June 17, 2008 revision 017
• Initial Weekly Certified release date pending

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Low

Distribution

• Distribution Level: Low