
Re: ILOVEYOU



Good thing the listserver doesn't like HTML documents and attachments!!

Tom Lashley
LashleyT@DTEenergy.com

Sandy Perle wrote:

> Grant. Why did you send a virus to the listserver?
>
> See below:
>
> Name: VBS/LoveLet-A
> Aliases: The Love Bug
> Type: Visual Basic Script worm
> Detection:
> Detected by Sophos Anti-Virus version 3.34 or later. An update (IDE
> file) is available for earlier versions from the
> Latest virus identities section.
> This virus has been very widely reported in the wild. Further IDEs
> will follow with a fuller analysis.
> Comments:
> This is a virus which tries to spread itself in several ways. Most
> commonly, it sends itself as an attachment to an email.
> Infected emails have the subject line:
> ILOVEYOU
> The message text is:
> kindly check the attached LOVELETTER coming from me.
> The attachment is called "LOVE-LETTER-FOR-YOU.TXT.vbs", which has a
> "double extension". Mailers which suppress well-known extensions such
> as .vbs may present this file as "LOVE-LETTER-FOR-YOU.TXT", which
> appears more innocent. Do not be misled by a trick like this.
> Because the virus arrives in a VBS file, it requires the Windows
> Scripting Host (WSH) in order to work. If you disable WSH, the viral
> attachment will be rendered harmless.
> The virus also drops an HTM file which can spread the virus, and a
> mIRC script which tries to distribute it. It also tries to download a
> file called WIN-BUGSFIX.exe from the internet, and injects two copies
> of its VBS script into the system directory where they are executed
> each time the computer reboots.
> The email component of the virus requires Microsoft Outlook to work.
> If you are using Outlook it will try to send itself to each entry in
> your Windows Address Book.
> Note that following the Sophos Guidelines for Safe Hex will render
> you almost immune to this attack. If you do not read unusual or
> unlikely emails and if you have disabled the WSH, then you are
> unlikely to become infected.
>
> ************************************************************************
> The RADSAFE Frequently Asked Questions list, archives and subscription
> information can be accessed at http://www.ehs.uiuc.edu/~rad/radsafe.html

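An added example, not part of the original message or of the quoted Sophos advisory: a mail-gateway style check for the "double extension" attachment name the advisory describes. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import os
from email.message import EmailMessage

# Extensions Windows treats as runnable; .vbs is run by Windows Scripting Host.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
                   ".exe", ".scr", ".pif", ".bat", ".cmd", ".com"}
# Extensions a reader tends to trust as documents (assumed list).
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".htm", ".html"}

def classify_attachment(filename):
    """Return (verdict, shown): shown is the name a mailer displays
    when it suppresses the final, well-known extension."""
    name = os.path.basename(filename.replace("\\", "/")).strip()
    name = name.rstrip(". ")  # Windows drops trailing dots and spaces
    stem, ext = os.path.splitext(name)
    if ext.lower() not in EXECUTABLE_EXTS:
        return "allow", name
    inner = os.path.splitext(stem)[1].lower()
    if inner in DECOY_EXTS:
        return "block-double-extension", stem
    return "block-executable", stem

def scan_message(msg):
    """Classify every named attachment of an EmailMessage."""
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        if fname:
            findings.append((fname,) + classify_attachment(fname))
    return findings

def build_sample():
    """Constructed message with the subject, text and attachment name
    quoted in the advisory; the payload is a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("kindly check the attached LOVELETTER coming from me.")
    msg.add_attachment(b"' constructed placeholder, not worm code\n",
                       maintype="application", subtype="octet-stream",
                       filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment("plain notes\n", filename="minutes.txt")
    return msg

if __name__ == "__main__":
    for fname, verdict, shown in scan_message(build_sample()):
        print(f"{verdict:24} real={fname!r} shown={shown!r}")
```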