Quite a number of viruses have been written to exploit bugs in MS Internet Explorer and Outlook Express. The following, taken from the Heathkit listserver, seems like a good description and is worth passing around, especially the part about removing the associations to several file extensions.
---------------------------------------
In regards to the large number of virus' that have been written over the last 18 months, notice that almost every one of them depend on the complete MicroSoft suite to function properly. For most of them (not ALL, though), the common tie is Outlook and the Visual Basic Script engine.
Working at a University and administering a number of computers, I see this problem all the time. Our University Email folks are very aggressive towards these virus' and eliminate the bulk of these virus' before they enter the campus environment. But I've found the easiest method to prevent infections is to simply break the MicroSoft suite and remove Outlook (and Internet Explorer 5.0). I personally use Eudora and Netscape specifically because of this and COMPLETELY remove Outlook and Internet Explorer (or never install them). I then remove the file associations to several file extensions (VBS,VBE,WSF,WSH,JS and JSE). This prevents infected attachments from 'working' as Windows doesn't know how to execute the attachment. You may receive the virus, but it can do no harm. There is a small program from Cerberus named vf.exe at http://www.cerberus-infosec.co.uk/vf.exe that will remove these extensions from Windows. Takes about 30 seconds to run and the program is free.
Obviously, if you are working in an intergated office environment that depends upon Outlook or you write software/macro's using the Visual Basic Script Engine this WILL NOT WORK FOR YOU.
As always, the best protection is a good Anti-Virus package. I use Nortons Antivirus, enable the 'Atuomatic Update' feature and schedule updates weekly.
ABOUT THE VIRUS... from http://www.symantec.com/avcenter/venc/data/wscript.kakworm.html Virus Description: Wscript.KakWorm
VBS.KakWorm spreads using Microsoft Outlook Express. It attaches itself to all outgoing messages via the Signature feature of Outlook Express and Internet Explorer newsgroup reader. The worm utilizes a known Microsoft Outlook Express security hole so that a viral file is created on the system without having to run any attachment. Simply reading the received email message will cause the virus to be placed on the system. Microsoft has patched this security hole. The patch is available from Microsoft's website. If you have a patched version of Outlook Express, this worm will not work automatically. Also known as: VBS.Kak.Worm, Kagou-Anti-Krosoft Category: WORM Infection length: 4116 Bytes
OUTLOOK PATCH INFO (I forgot where I got this info)... Severe Windows Security Bug and Fix This bug is quite bad, and has been known since last year. It became more of an issue after somebody figured out you could exploit it to propagate computer infections in the same manner as the ILOVEYOU worm, only with much more destructive results. Any PC running Internet Explorer 5.0 and/or Office 2000 can be attacked with e-mail attachments, even if the recipient does not open said attachments. You don't even have to be using Internet Explorer: just having it installed with default security settings makes you vulnerable . The techies among you can see the horror of the situation. Fortunately, a fix will patch the hole in under five minutes. Make sure all the Windows machines in your care apply the patch immediately. Incidentally, Microsoft has finally responded to this class of e-mail-delivered worms by redesigning how the Outlook e-mail client deals with attachments. PCWorld has the story.
Bug: http://www.microsoft.com/technet/security/bulletin/ms99-032.asp Fix: http://www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm Outlook: http://www.officeupdate.microsoft.com/2000/articles/out2ksecFileTypes.htm PCWorld: http://www.pcworld.com/pcwtoday/article/0,1510,16721,00.html
<<< end of message >>>