The Romeo and Juliet virus, also known as "W32/BleBla@mm" by antivirus companies, has not spread quickly and appears to be a low threat to computer users, according to experts.
"From what we've seen, it doesn't do much damage if any at all," said Vincent Gullotto, senior director of McAfee's AVERT Labs. "It does exploit some vulnerabilities, but it doesn't (rename) files or erase any files."
The virus takes advantage of a vulnerability in Microsoft's Outlook email program. It is an Internet worm that arrives by email in HTML format with one of the following subject lines: "ble bla, bee;" "I Love You;" "sorry... Hey you !;" "Matrix has you...;" or "my picture from shake-beer."
Microsoft's email program is capable of displaying documents using HTML--a programming language used to create Web pages. The Romeo and Juliet virus takes advantage of this feature, using an HTML message to execute malicious programs. The email, which can also appear to contain no text or identifiable attachments, contains two malicious files, "myromeo.exe" and "myjuliet.chm," according to McAfee.
The HTML code first instructs Windows to save the attachments to the machine's hard drive. Then the virus reads addresses from the Windows Address Book and sends itself to people listed there. Gullotto said that so far, he hasn't heard of any servers being brought down because of the virus.
The I Love You virus, also known as the "Love Letter" virus or the "Love" bug, first struck in May, crippling email systems worldwide.
Other recent virus alerts
Gullotto said two recently reported viruses are continuing to cause concern as they propagate. Just last week, experts announced the discovery of a worm, "Hybris," that carries no destructive payload and is relatively harmless. But some security experts cautioned that it could prove to be a menace because the worm is written so that it can update itself as it spreads.
Gullotto said another virus, "Navidad"--which means Christmas in Spanish--also continues to infect Microsoft's Outlook email application. The virus arrives as a reply when a person sends a message to an infected computer. If the attachment, "navidad.exe," is run, a message in Spanish reads: "Never press this button." If the button is pressed, a further message reads: "Feliz Navidad. Unfortunately you have given in to temptation and will lose your computer."
To help protect a machine from the Romeo and Juliet virus, McAfee recommended that people delete unexpected attachments to prevent further spread of the worm, which it rated "low risk." The company also has posted a virus alert on its Web page.