'Newsletter' Worm Targets Outlook

Security experts around the world are warning of a new virus that uses Microsoft Outlook e-mail software to replicate itself by sending out mass e-mail messages that may destroy some Windows files.

The virus, called W32.Yarner.A@mm, emerged February 18 in Europe, where it masquerades as a newsletter published by a German security group Tojaner Info, according to a statement on Trojaner's Web site.

The statement said an unknown person started the worm and uses the names of Trojaner staffers Thomas Tietz and Andreas Ebert at the end of the message.

Several vendors of antivirus software also are issuing warnings about the virus. Reports have come from both Sophos Anti-Virus, based in Abingdon, England, and Symantec, of Cupertino, California.

German Message

Apparently, the worm arrives in an e-mail message with the subject line "Trojaner Info Newsletter" and the current date. Inside, users find a message in German and an attachment named yawsetup.exe.

The worm then burrows into a user's system and replicates itself via the user's address book and by searching files with the extensions .php, .htm, .shtm, .cgi, and .pl, according to Symantec.

Symantec said the virus can delete files related to Windows, but that it's easy to contain and hasn't spread very far.

Bill Pollak at CERT Coordination Center, a security research and information service at Carnegie Mellon University in Pittsburgh, said the group is monitoring the virus but has not issued an advisory.

Still on the Loose

Microsoft Outlook and Outlook Express are frequent targets of viruses and worms. Last week, antivirus product vendors warned of a new worm that exploits vulnerabilities in both Microsoft IE and its MSN Messenger instant messaging program.

That worm is called "JS.Menger.Worm" by Symantec and "Coolnow" by F-Secure. It appears as an instant message telling the recipient to go to one of several Web sites. Clicking on the URL link in the message opens a Web page with malicious JavaScript code that sends instant messages advertising the Web page, or other Web pages with the code, to all MSN Messenger users on the victim's contacts list.