This Internet worm spreads via e-mail messages using MS Outlook. The worm is written in Visual Basic Script language (VBS) and spreads as a “Mawanella.vbs”
This is a typical Loveletter-like VBS worm; however, it is encrypted (encoded) to bypass heuristic scanners.
This worm spreads via e-mail by sending infected messages from infected computers. While spreading, the worm uses MS Outlook, and sends itself to all addresses that are stored in the MS Outlook Address Book. As a result, an infected
It works only on computers on which the Windows Scripting Host (WSH) is installed. In Windows 98 and Windows 2000, WHS is installed by default. To
The infected message in the original worm version appears as follows:
If a computer doesn’t have MS Outlook installed, the worm simply displays a message:
After spreading, the worm displays the following message:
The worm doesn’t mark infected computers in any way, thus it will send infected messages each time a user activates the worm’s VBS file.