Bug bypasses attachment-opening barrier

An email worm that can install itself on some computers without requiring the user to click on an attachment has started to infect networks.

Variously called Verona, I-worm.Bleba or Romeo&Juliet, the latter being one of 12 random messages the subject line bears, it exploits a reported hole in Microsoft's Outlook and Outlook Express email clients and its Internet Explorer 5.5 browser.

The worm, discovered in Poland on 16 November, exploits a compressed help file format known as a .chm file, but a report posted to the Bugtraq security list states that users can avoid it by disabling active scripting on their browser settings.

Denis Zenkin, head of corporate communications at Kaspersky Labs, said: "This is similar in form and effect to the music worm, [except that] the user only needs to open the email for it to run."

The worm can be identified by one of its 12 subject headers. These are:

Romeo&Juliet
:)))))))
hello world
!!??!?!?
subject
ble bla, ble
I Love you :)
Sorry,,,
Hey You !
Matrix has you...
My picture
From shake-beer

Once the user views the email, the worm saves two HTML attachments to c:\windows\temp and begins the process of sending emails to all the addresses in the victim's Microsoft Outlook address book.