
Re: ILOVEYOU



Grant. Why did you send a virus to the listserver?

See below:

Name: VBS/LoveLet-A
Aliases: The Love Bug
Type: Visual Basic Script worm
Detection: Detected by Sophos Anti-Virus version 3.34 or later. An update
(IDE file) is available for earlier versions from the Latest virus
identities section. This virus has been very widely reported in the wild.
Further IDEs will follow with a fuller analysis.

Comments:

This is a virus which tries to spread itself in several ways. Most
commonly, it sends itself as an attachment to an email.

Infected emails have the subject line:

    ILOVEYOU

The message text is:

    kindly check the attached LOVELETTER coming from me.

The attachment is called "LOVE-LETTER-FOR-YOU.TXT.vbs", which has a
"double extension". Mailers which suppress well-known extensions such
as .vbs may present this file as "LOVE-LETTER-FOR-YOU.TXT", which
appears more innocent. Do not be misled by a trick like this.

Because the virus arrives in a VBS file, it requires the Windows
Scripting Host (WSH) in order to work. If you disable WSH, the viral
attachment will be rendered harmless.

The virus also drops an HTM file which can spread the virus, and a
mIRC script which tries to distribute it. It also tries to download a
file called WIN-BUGSFIX.exe from the internet, and injects two copies
of its VBS script into the system directory where they are executed
each time the computer reboots.

The email component of the virus requires Microsoft Outlook to work.
If you are using Outlook it will try to send itself to each entry in
your Windows Address Book.

Note that following the Sophos Guidelines for Safe Hex will render
you almost immune to this attack. If you do not read unusual or
unlikely emails and if you have disabled the WSH, then you are
unlikely to become infected.

************************************************************************
The RADSAFE Frequently Asked Questions list, archives and subscription
information can be accessed at http://www.ehs.uiuc.edu/~rad/radsafe.html
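
The "double extension" trick described in the quoted advisory can be checked for at a mail gateway or in a mailbox audit. The following is an added example, not part of the original message or of the Sophos advisory; the extension lists, the sample addresses and the function names are assumptions made for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them to local policy.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".htm"}


def displayed_name(filename):
    """Name as shown by a mailer that hides the final, well-known extension."""
    return PurePosixPath(filename).stem


def double_extension_attachments(msg):
    """Return (real name, displayed name) for attachments whose final
    extension is a script type hidden behind a harmless-looking one."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if (len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXTS
                and suffixes[-2] in DECOY_EXTS):
            hits.append((name, displayed_name(name)))
    return hits


def build_sample(attachment_name):
    """Constructed test message; the attachment body is an inert placeholder."""
    msg = EmailMessage()
    msg["Subject"] = "ILOVEYOU"
    msg["From"] = "sender@example.com"
    msg["To"] = "list@example.com"
    msg.set_content("kindly check the attached LOVELETTER coming from me.")
    msg.add_attachment(b"placeholder, not real script content",
                       maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg


if __name__ == "__main__":
    for name in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "minutes.txt", "report.v2.pdf"):
        print(name, "->", double_extension_attachments(build_sample(name)))
```

The displayed name in each hit is what a recipient would see in a mailer that suppresses the last extension, which is the mismatch worth quarantining or renaming on.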