GEN:SID 1:796
Message Virus - Possible Worm - xls.vbs file
Summary This rule has been placed in deleted.rules. It has been superseded by
sid 721.
Impact Mail worms may spread rapidly because users execute them.
Detailed Information Windows systems are often configured not to display file extensions.
A second extension added to the file name misleads users into thinking that an
executable is an Excel spreadsheet: for example, businessplan.xls.vbs is displayed as
businessplan.xls but is a Visual Basic script and not an Excel spreadsheet.
Affected Systems  
Attack Scenarios Famous worms (ILOVEYOU, KOURNIKOVA) are based on this method. Warning:
An Excel spreadsheet is in no way more secure than a Visual Basic script.
Wrongly configured antivirus software may ignore these files and
let a macro virus pass.
Ease of Attack Very easy. One needs to attach a file and hope that it gets executed.
Corrective Action Use antivirus software. Configure mail clients securely, especially when
using Windows desktops. Educate your mail users. Deny all attachments at
the gateway if you can.
Additional References See websites of antivirus companies.
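
Added example (not part of the original rule documentation): a gateway-side check for the double-extension pattern described under Detailed Information, run over every attachment name in a MIME message. The extension lists, function names and the sample message are assumptions constructed for illustration; tune the lists to local policy.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for illustration, not taken from the rule.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "exe", "scr", "pif", "bat", "cmd", "com"}
DECOY_EXTS = {"xls", "doc", "ppt", "txt", "pdf", "jpg", "gif", "zip"}

def double_extension(filename):
    """Return (decoy_ext, real_ext) for names like plan.xls.vbs, else None."""
    # Compare case-insensitively and tolerate stray whitespace around the dots.
    parts = [p.strip() for p in filename.lower().split(".")]
    if len(parts) >= 3 and parts[-1] in SCRIPT_EXTS and parts[-2] in DECOY_EXTS:
        return parts[-2], parts[-1]
    return None

def flag_attachments(raw_message):
    """Return the attachment file names in a raw message that match the pattern."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # decoded Content-Disposition filename, if any
        if name and double_extension(name):
            hits.append(name)
    return hits

def sample_message():
    """Constructed sample: one disguised script and one ordinary spreadsheet."""
    m = EmailMessage()
    m["Subject"] = "Business plan"
    m.set_content("Please see the attached plan.")
    m.add_attachment(b"MsgBox 1", maintype="application",
                     subtype="octet-stream", filename="businessplan.xls.vbs")
    m.add_attachment(b"\x00", maintype="application",
                     subtype="vnd.ms-excel", filename="report.xls")
    return m.as_bytes()

if __name__ == "__main__":
    for name in flag_attachments(sample_message()):
        decoy, real = double_extension(name)
        print(f"quarantine {name!r}: shown as .{decoy}, runs as .{real}")
```

The check only looks at the file name; as the warning above notes, a plain .xls that passes it can still carry a macro virus, so it complements content scanning rather than replacing it.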