Funny is a new worm that is similar to the ILOVEYOU worm, but much less virulent. Funny (VBS.Funny.A) and its variants (B and C) will look for the presence of online banking software and, if found, deposit a trojan horse that will memorize keystrokes to obtain user passwords. The Funny worm arrives as e-mail and requires a user to open the attached file. Funny uses Visual Basic scripting to execute to access a user's Outlook address book and send copies of itself to all the addresses found. At present, the Funny worm ranks as a 4 on the ZDNet virus meter.
How It Works
The Funny worm and its variants arrive as an e-mail with the following qualities:
Subject: "Funny Story" (A); "When did you die?" (B); "Rechnungsabschrift" (C)
Message: (blank)
Attachment: "Funny_story.htm.vbs" (A); "LIFE_ASSURANCE.HTM.vbs" (B); "RECHNUNGSABSCHRIFT.DOC.vbs" (C)
Once the user opens the attachment, the Funny worm either hotlinks to a Web site containing a joke (A and B) or displays a text file (C). The worm will also search the Windows Registry for the presence of UBS banking software. If found, the worm will execute a Trojan horse that will attempt to steal a user's id and password. If the user does not use UBS banking software, the worm will still send itself to every address found in the Outlook address book. Funny.C reportedly does not contain the password stealing Trojan horse.
|
Here are the basic steps for containing the Funny worm:
 |
Download Microsoft's Outlook Security Patch. If you haven't already installed it, download the Outlook 98 Security Patch or the Outlook 2000 Security Patch (which requires the Office 2000 Service Release 1a). Please note that this patch does not include Outlook Express. Click here for help with installation, or for more information regarding this patch. |
|
Turn off Windows Scripting Host. Recent virus outbreaks have exploited known vulnerabilities in Visual Basic Scripting under Windows. To limit your risk of infection, you should turn off Windows Scripting Host. For a complete discussion of the pros and cons of removing Windows Scripting Host, see To Script Or Not To Script. |
|
"Don't open attachments!" One of the best ways to prevent virus infections is not to open attachments, especially when viruses such as Funny are being actively circulated. Even if the e-mail is from a known source, be careful. A few viruses take the mailing lists from an infected computer and send out new messages with its destructive payload attached. Always scan the attached files first for viruses. Unless it's a file or an image you are expecting, delete it. |
|
Stay informed. Did you know that there are virus and security alerts almost every day? Keep up-to-date on breaking viruses and solutions by bookmarking this site Viruses, Bugs, Security Alerts. |
|
Get protected. If you don't already have virus protection software on your machine, you should. If you're a home or individual user, it's as easy as downloading any of these five-star programs then following the installation instructions. If you're on a network, check with your network administrator first. If you're not sure if your existing anti-virus software is up-to-date, scan your system for free to find out. |
|
Scan your system regularly. If you're just loading anti-virus software for the first time, it's a good idea to let it scan your entire system. It's better to start with your PC clean and free of virus problems. Often the anti-virus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background while you are connected to the Internet. Make it a regular habit to scan for viruses. |
|
Update your anti-virus software. Now that you have virus protection software installed, make sure it's up-to-date. Some anti-virus protection programs have a feature that will automatically link to the Internet and add new virus detection code whenever the software vendor discovers a new threat. |
|
|
