VBS.San@m is a script worm which spreads through email. The worm utilizes a known Microsoft Outlook Express security hole (Scriptlet.TypeLib) so that a viral file is created on the system without having to run any attachment. Simply reading the received email message causes the virus to be placed on the system. Microsoft has patched this security hole. The patch is available at:
If you have a patched version of Outlook Express, this worm will not work automatically.
The worm copies itself into the StartUp folder and sets itself as the default signature for Microsoft Outlook Express. It also modifies the default start page for Internet Explorer to connect to a Web site that contains another worm, VBS.Valentin@mm.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.