VBS.Loding.A@mm

VBS.Loding.A@mm is a script which uses an exploit to run arbitrary code. It contains instructions to send email using Microsoft Outlook. The email message contains a link that would have downloaded a virus; however, the page that it linked to has been closed.

The email message is in the following format:

Subject: Computer Secrets !
Message: If you are using Win9x/Me, visit the following page will upgrade your pc performance. If you are not using Win9x/Me or don't want to upgrade your pc, only forward this page to your friends. Maybe your friends need it. <dead link>

If you clicked the link (while it was still active), it would have gone the Web page and run the script, which would have perpetuated itself.



Additional precautions that you can take:

• If you are using Norton AntiVirus 2002, which includes Script Blocking, make sure that Script Blocking is enabled (the default).
• If you are using Norton AntiVirus 2001, a free program update that includes Script Blocking is available. Please run LiveUpdate to obtain this.
• For earlier versions of Norton AntiVirus, SARC offers a tool to disable the Windows Scripting Host.

Protection

• Initial Rapid Release version August 16, 2001
• Latest Rapid Release version July 12, 2008 revision 018
• Initial Daily Certified version August 16, 2001
• Latest Daily Certified version July 12, 2008 revision 019
• Initial Weekly Certified release date pending

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Low

Distribution

• Distribution Level: Low