There's nothing new about the latest Internet worm, Shakira (vbs.vbswg-aq@mm). An e-mail message allegedly containing photos of the Colombian rock star will instead launch a flood of infected copies on other users of Microsoft Outlook or IRC.
That silence is the sound of me not looking for Shakira pics on the Net. Not a fan to be honest.
Like the Anna worm, Shakira is the product of a VBS worm-generator kit. Most antivirus software vendors already have protection available to block it, hence the official name: Vbswg-aq. When the Shakira worm invades your PC, it displays this message: "You have been infected by the ShakiraPics Worm." The Shakira worm arrives as e-mail with the subject line "Sharkira pics." The body text is "Hi :i have sent the photos via attachment have funn..." The attached file is shakirapics.jpg.vbs.
If you open the attached file, the worm copies itself into the Windows folder as shakirapics.jpg.vbs, then makes a few changes to the Registry:
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunRegistry = wscript.exe
In order to keep from spreading twice, Shakira also sets the following Registry keys:
HKCUsoftwareShakiraPicsmailed=1 and HKCUsoftwareShakiraPics
Users of Microsoft Outlook 2002 and users of Outlook 2000 who have installed the Security Update should be safe from the attached VBS file in Shakira. Users who have not upgraded to Outlook 2002 or who have not installed the Security Update for Outlook 2000 should do so.
As ever kiddies, in general do not open attached files in e-mail without first saving them to hard disk and scanning them with updated antivirus software.
News source: ZDNet