We have received reports of this virus spreading rapidly in North America. We will issue an update when more information becomes available

The following has been derived from information provided by Symantec, and customer reports.

Virus Characteristics

This is an encrypted mass-mailing worm which arrives in the form of an email attachment. The infected messages have the following details:

Subject: Nuevas Mididas Del Ejecutivo
Attachment: Batlle_Desnudo.JPG.vbs

The worm attempts to send itself to all addresses in the Outlook address book. Upon execution, the worm uses the default web browser to open one of two government web pages.


Payload

Increase in email activity which can flood corporate email servers. Opens an unwanted URL using the web browser.


Preventative Measures

Block all attachments with VBS attachments at the SMTP gateway where possible, or block the following attachments:

- JPG.VBS
- Batlle_Desnudo.JPG.vbs


Fixes Available

AVP: No information at time of alert
Network Associates: No information at time of alert
Symantec: Currently detected by Spec Definitions released on May 15, 2001
Trend: No information at time of alert