It is a new mass mailing worm written in Visual Basic.<P>The worm is spreading as a file README.EXE in messages with the<BR>subject:<P> As per your request!<P>and the body:<P> Please find attached file for your review.<BR> I look forward to hear from you again very soon.<BR> Thank you.<P>When is the README.EXE file is executed it copies itself into Windows<BR>directory and create in the registry key:<P> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run<P>a value named "macrosoft"<BR>pointing to the dropped copy of the worm.<P>Then the worm takes email addresses from Outlook address book<BR>and starts sending itself.<P>Next, it displays a message box with a button 'Open'. When<BR>you click on it, a fake error message appears:<P> WinZip SelfExtractor: Warning<BR> CRC eror: 234#21 ------------<P>It is a new mass mailing worm written in Visual Basic.<P>The worm is spreading as a file README.EXE in messages with the<BR>subject:<P> As per your request!<P>and the body:<P> Please find attached file for your review.<BR> I look forward to hear from you again very soon.<BR> Thank you.<P>When is the README.EXE file is executed it copies itself into Windows<BR>directory and create in the registry key:<P> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run<P>a value named "macrosoft"<BR>pointing to the dropped copy of the worm.<P>Then the worm takes email addresses from Outlook address book<BR>and starts sending itself.<P>Next, it displays a message box with a button 'Open'. When<BR>you click on it, a fake error message appears:<P> WinZip SelfExtractor: Warning<BR> CRC eror: 234#21