1. Symantec/
  2. Security Response/
  3. VBS.San.B@m


Risk Level 1: Very Low

March 16, 2001
February 13, 2007 11:49:11 AM

VBS.San.B@m is a script worm which spreads through email. The worm utilizes a known Microsoft Outlook Express security hole (Scriptlet.TypeLib) so that a viral file is created on the system without having to run any attachment. Simply reading the received email message causes the virus to be placed on the system. Microsoft has patched this security hole. The patch is available at:


If you have a patched version of Outlook Express, this worm will not work automatically.

The worm copies itself into the StartUp folder and sets itself as the default signature for Microsoft Outlook Express. It also modifies the default start page for Internet Explorer to connect to a Web site that contains another worm, VBS.Valentin@mm.

Antivirus Protection Dates

  • Initial Rapid Release version March 16, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version March 16, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Brian Ewell

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube