Antivirus researchers said the virus has been in existence since July and has been named VBS.freelink. In order to work, the virus requires newer versions of Windows Visual Basic programming language, which means that Windows 95 computers aren't affected, said Steve Trilling of Symantec's antivirus lab.
Antivirus companies updated their virus databases to detect the Freelink virus, but the virus might still arrive undetected depending on how the software is set up. The virus slips under the radar screen of earlier versions of some antivirus software because the email attachment is a file type that is a relatively new home for viruses, Trilling said.
Microsoft's Lisa Gurry said the virus can't spread unless a recipient opens the infected attachment, and urged people to practice good computer hygiene. "We recommend people install the latest antivirus software and also not open unknown attachments in email," she said.
In recent months, a new category of viruses such as Melissa, Explore.zip, and Freelink have cropped up that can spread much faster than earlier viruses. These new viruses take advantage of the fact that email programs such as Outlook can be automated to broadcast virus-infected attachments. Further, Melissa, Explore.zip, and Freelink borrow email address lists from Outlook, which not only provides a ready list of recipients, but also means the virus is sent from a person likely to be known to the recipient.
Antivirus company TrendMicro got a handful of reports on the virus yesterday and feared an outbreak that in fact never happened.
"We geared up thinking it might be another Melissa, but it didn't happen," said TrendMicro's Dan Schrader. "We get these kind of fire drills once or twice a month."
Trilling said Symantec hasn't detected a resurgence of the virus.
The virus spreads by an email that contains a Visual Basic script file. If the attachment is opened, the file surreptitiously goes through a user's address book and sends the virus out like a chain mail to anyone listed in the user's address book.
The email carrying the bug can be identified by the subject line, which states, "Check this." The body of the email contains this message: "Have fun with these links. Bye."
Below that is a file called "links.vbs," which stands for Visual Basic script. If the file is opened by clicking on its icon, the virus runs and begins propagating.
"This is not an Outlook virus," said Gurry. "It's a malicious use of Visual Basic script. There's nothing we could fix."
The most recent version of Norton Antivirus is set up by default to scan all downloaded files, but earlier versions didn't, Trilling said.
In the past few days, Symantec received four submissions of the Freelink virus and six emails asking about it. "While not overwhelming, this is certainly indicative that the virus is still very much alive 'in the wild,'" Trilling said.
The Melissa virus, which emerged on March 26, used a combination of Microsoft Word macros and Microsoft Outlook. Users would receive a disguised file, which contained a list of 80 pornographic Web sites. People who opened the file launched the virus, which then sent it to many people on the address list stored in Outlook.
The self-replicating nature of the virus led to email traffic clogs around the world as massive numbers of messages were sent as a result of the virus. Although Melissa itself did not attempt to corrupt files inside computers, later copycat versions did.
Roughly a week after Melissa emerged, authorities arrested the man suspected of starting the virus. The suspect, David Smith, admitted in court papers to have spread the virus using a stolen AOL account.