1. Symantec/
  2. Security Response/
  3. VBS.Haptime.C@mm


November 28, 2001
February 13, 2007 11:54:34 AM
Systems Affected:

VBS.Haptime.C@mm is a Visual Basic Script (VBS) worm. It infects .htm, .html, .vbs, .asp, and .htt files. It replicates using MAPI objects to spread itself as an attachment. The worm attaches itself to all outgoing messages using the stationery feature of Microsoft Outlook Express.

This is a variant of VBS.Haptime.A@mm. The difference between VBS.Haptime.A@mm and VBS.Haptime.C@mm is the name of the attachment file, which is changed from Untitled.htm to THE_EVOLUTION.htm.

The worm utilizes a known Microsoft Outlook Express security hole so that the worm is executed without having to run any attachment. Microsoft has patched this security hole that eliminates security vulnerabilities in "Scriptlet.TypLib" ActiveX controls. The patch is available at:


If you have a patched version of Outlook Express, this worm will not work automatically.

Definitions dated before Jan. 17, 2002, detect the worm as VBS.Evolution@mm.

Antivirus Protection Dates

  • Initial Rapid Release version January 17, 2002
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version January 17, 2002
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube