Challenge is an email worm that propagates through Microsoft Outlook Express 5. It appends itself to all emails that are sent after the initial infection. Unlike other worms, the worm embeds itself within emails, as opposed to attaching itself, meaning that the worm is run once an infected email is opened, with no further user interaction required.
The worm utilises an exploit that allows scripts embedded within HTML-based emails, to access ActiveX controls, an exploit which has since been patched. This allows for the worm code to be run without requiring deception in order to entice the user to open an infected attachment.
Upon execution, the worm will create a file, with the name TEMP.HTA, in the Windows start-up directory, and then proceed to set itself as the default signature in Microsoft Outlook, ensuring that its code is appended to all new composed emails.
- Kaspersky Threats, Email-Worm.VBS.Challenge