You are incorrect. All reports of this I have read (on a Exchange Server mailinglist) have been widthdrawn by the authors.
All pages from AV companies with descriptions of this virus mention that you have to open the attachment to activate the virus.
Of course, this is not the only infection path for this one. It also allegedly replaces other vbs, and vbe files with itself. In addition it replaces js, jse, css, wsh, sct, hta, jpg, jpeg, mp2 and mp3 files with itself (by additing a.vbs after the name and removing the original).
Slashdot Mirror
Yeah! tcsh!
%T %m:%~%#
19:46 monolith:~>
That's mine!
You are incorrect. All reports of this I have read (on a Exchange Server mailinglist) have been widthdrawn by the authors.
.vbs after the name and removing the original).
All pages from AV companies with descriptions of this virus mention that you have to open the attachment to activate the virus.
Of course, this is not the only infection path for this one. It also allegedly replaces other vbs, and vbe files with itself. In addition it replaces
js, jse, css, wsh, sct, hta, jpg, jpeg, mp2 and mp3 files with itself (by additing a
$) Ishtar