A new, mass-mailing computer virus, disguised as a holiday greeting, is threatening to put a damper on the Christmas rush to send electronic cards. The worm - known by vendors as either Reeezak, Zacker or Maldal, and becoming known as Christmas.exe - began infecting personal computers in the United States and Europe early yesterday morning. By the afternoon, infections were reported across the Asia-Pacific by anti-virus software vendor Symantec. Anti-virus software experts said the new worm should raise alarm bells for Internet users to be on their guard for more e-mail-borne viruses during the holiday season. Symantec, Computer Associates, McAfee, Trend Micro and Sophos were among the first anti-virus software vendors that spotted the new worm making the rounds of corporate and consumer e-mail messages yesterday. In their basic form, worms create exact copies of themselves and use communications between computers to spread. The Christmas worm propagates through e-mail by masquerading as a Macromedia Flash holiday greeting. It is written in the Visual Basic programming language. The worm uses Microsoft Outlook to spread its infection, which includes modifying an infected user's Internet Explorer home page. The worm may also use entries from MS-Messenger. It arrives with an e-mail file attachment called 'christmas .exe', the size of which is 37,376 bytes. The e-mail's subject line is 'Happy New Year'. The message body text says: 'Hii [sic], I can't describe my feelings But all I can say is Happy new year :-) bye.' When first run, the worm copies itself into the Windows directory as Christmas.exe and edits the registry so that it is run automatically each time Windows is restarted. The worm changes the computer name and the default browser home page by setting the registry keys to change Internet Explorer's default home page to a Web site containing malicious code and abusive references to George Bush and Israel. This page will be detected as JS.Exception.Exploit. Next, the worm will display a window with the text: 'From the heart. Happy new year!' Finally, the worm disables the keyboard. This means the keyboard cannot be used until the computer is restarted without the worm being executed. 'This represents increased sophistication in the level of social engineering used to write viruses,' said Abby Tang, North Asia regional engineering manager for McAfee. 'The message appears so harmless that it can catch somebody off guard.' Through the years, virus authors have attempted to exploit festive goodwill by disguising their malicious programs as something entertaining or amusing. Recent examples include the Navidad virus, taken from the Spanish word for Christmas, and the Grate-B worm, which carries the subject line 'Merry Christmas!!!' 'Holiday-themed threats, such as Reeezak, remind us that computer users should never let their guard down when using the Internet,' said Ian Hameroff, director of anti-virus solutions at Computer Associates. 'Be on the lookout for suspicious messages. They may be bearing gifts that you don't want.' Sophos chief executive Jan Hrusak added: 'Sending joke programs, screensavers and electronic greetings cards is a risky activity at any time of year, but in the midst of the celebrations, it can be all too easy to become complacent.' To remove the new Christmas worm, anti-virus vendors suggest deleting files that are detected as W32.Maldal.C@mm or JS.Excep tion.Exploit, repairing files detected as W32.Maldal.C@mm (html), and reversing the changes that it made to the registry using the latest anti-virus patches available on the Internet. If the worm has disabled the keyboard, users must restart the computer in safe mode before editing the registry.