VBS.Haptime.B@mm

VBS.Haptime.B@mm is a Visual Basic Script (VBS) worm. It infects .htm, .html, .vbs, .asp, and .htt files. It replicates using MAPI objects to spread itself as an attachment. The worm attaches itself to all outgoing messages using the stationery feature of Microsoft Outlook Express.

This is a variant of VBS.Haptime.A@mm. The difference between VBS.Haptime.A@mm and VBS.Haptime.B@mm is the name of the attachment file, which is changed from Untitled.htm to Instlog.htm.

The worm utilizes a known Microsoft Outlook Express security hole so that the worm is executed without having to run any attachment. Microsoft has patched this security hole that eliminates security vulnerabilities in "Scriptlet.TypLib" ActiveX controls. The patch is available at:

http://www.microsoft.com/technet/ie/tools/scrpteye.asp

If you have a patched version of Outlook Express, this worm will not work automatically.

Protection

• Initial Rapid Release version June 15, 2001
• Latest Rapid Release version August 20, 2008 revision 017
• Initial Daily Certified version June 15, 2001
• Latest Daily Certified version August 20, 2008 revision 016
• Initial Weekly Certified release date pending

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Low

Distribution

• Distribution Level: High