Information Security News mailing list archives
Worm alert! LOVELETTER gets nastier
From: William Knowles <wk () C4I ORG>
Date: Thu, 18 May 2000 19:18:14 -0500
http://dailynews.yahoo.com/h/zd/20000518/tc/worm_alert_loveletter_gets_nastier_1.html Thursday May 18 09:30 PM EDT By Robert Lemos, ZDNet News Several Symantec customers have revealed a new, destructive variant on the loose. Damage has been limited ... so far. Security software maker Symantec Corp. warned computer users and businesses of a new, destructive worm -- apparently based on ILOVEYOU -- that had hit three Israeli and European clients by Thursday night. Aside from spreading by mailing itself out to everyone on the Outlook address book, the virus also deletes all files on the victim's computer -- and any mapped, network drives -- by setting the files' lengths to zero. "For most users, if you are infected with the virus, it means you need to have your machine rebuilt," said Vincent Weafer, director of the Symantec AntiVirus Research Center, referring to rebuilding the computer's files from backup. The malicious code is mailed to users as an apparent attachment from a friend, with the subject line "FW:" followed by a random file name. The attached file has that name plus the .VBS extension. For example, the worm might find the file "mydoc.txt" on the user's system and send off a message with the subject line "FW: mydoc.txt" and an attachment of "mydoc.txt.vbs". This one harder to stop? The current variant also adds a twist found in other viruses: Polymorphism. The malicious code is mailed to users as an apparent attachment from a friend, with the subject line "FW:" followed by a random file name.| The worm adds a few characters to its script's comment lines, thereby changing the length and "fingerprint" by which most virus software recognizes the code for what it is. That feature could make the virus harder to stop. There are three ways to stop the virus, said Weafer. - First, the network administrator can block all e-mail containing VBS scripts. - Second, users of Outlook should download Microsoft's newest patch and turn off VBS scripts. - Finally, users can turn off the Windows Scripting Host in Windows 98 by using the Control Panel/Add-Remove Programs/Windows Settings Tab/Acessories and uncheck the element "Windows Scripting Host." *-------------------------------------------------* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred. M. Gray, USMC --------------------------------------------------- C4I Secure Solutions http://www.c4i.org *-------------------------------------------------* ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Worm alert! LOVELETTER gets nastier William Knowles (May 18)