Redlof.B is a polymorphic worm with no destructive effects, whose only purpose is to affect other computers. In order to do so, Redlof.B copies its code to HTT files, which are used to view system folders as web pages. From that moment on, whenever affected users open a folder, they run the worm without noticing. In addition, Redlof.B also searches for and affects files with the following extensions: ASP, TML, HTT, HTM, VBS, PHP and JSP. This worm spreads via e-mail very quickly by hiding its code in the file that serves as stationery for all the messages the affected user sends through the Outlook mail client. Redlof.B exploits the vulnerability affecting the VM ActiveX component, which allows a virus to be run by viewing a webpage that contains the viral code. More information about this vulnerability, as well as the corresponding security patch, is available from Microsoft's website.