bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

helpersCheckIsPostiesArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

moreOnThisArticles

urlAlias

commentCount

authorLocations

authors

paywallTypes

corrections

sponsorType

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

socialHeadline

headline

flag

firstTopic

glossary

flattenTypeIds

publishedDate

additionalInfoBoxes

images

image

relatedLinks

relatedNewsletters

__typename

createdDate

sponsor

factSheets

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

copyrighted

customTimezone

liveContents

Lydia Zajc

As if the recent influx of computer threats was not enough, another worm is propagating via Microsoft Outlook in Hong Kong and worldwide, with the help of unsuspecting victims.

Anti-virus provider Network Associates said TrojApost.A, also known as Apost, or Readme after the name of the attachment used to spread it, had been reported by SAR organisations.

North Asia regional engineering manager Abby Tang said her firm had one report on Tuesday, while e-mail security firm MessageLabs said it had detected 59 infected e-mails from Hong Kong.

The worm e-mails itself as an attachment called readme.exe to recipients in a victim's Outlook address book. The subject line consistently reads: 'As per your request!' The body text is: 'Please find attached file for your review. I look forward to hear from you again very soon. Thank you.'

Ms Tang said: 'We don't expect that the Apost worm will be as destructive as Sircam and Code Red, but will cause a nuisance to PC users in Hong Kong and elsewhere in the region.

'The fact that this is a nuisance means that users are simply not updating their anti-virus software as frequently as they should.'

Sircam, another worm detected this summer, was not limited to Microsoft Outlook and had been widespread. Earlier this year, the Anna Kournikova mass mailer, named after the Russian tennis player, hit with a similar structure to Apost, but with a more enticing subject line for many.

Code Red and its spawn, which some said could have attacked the White House Web site and crashed the Internet but did not, infected vulnerable Microsoft Web servers, not PCs.

Apost differed from most mass mailers as the unwary recipient had the opportunity to close the attachment even after clicking to open, Ms Tang said.

A window will appear, labelled 'Urgent!', with a button marked with 'Open' to double-check whether the reader wants to see the attached item. A potential victim may simply click the 'X' in the corner to shut down the process.

'All viruses look the same,' Ms Tang said. 'But this one gives you a second chance.'

The worm has been rated medium-risk by computer security firm Trend Micro.

Another anti-virus firm, Symantec, said the worm activated its insertion and e-mailing routine twice, meaning recipients probably would get at least two such e-mail.

To get rid of Apost, recipients should delete the infected files and the entry named 'macrosoft' from the Windows registry under HKEY_CURRENT_USER?Software?Microsoft?Windows?CurrentVersion?Run.

While Network Associates said Apost was a new worm, Symantec wrote on its Web site that the worm formerly was known as W32.Urgent.worm@mm, but showed increased activity after Monday.

Symantec has upgraded Apost's threat level to three from two.

MessageLabs' Web site said the worm originated in Germany.

According to the security firm, Sircam remains the leading threat intercepted thus far this month, with Apost in the fourth spot.

lydia@scmp.com



New worm hits Hong Kong