11 variations of the "LoveBug" in the wild!

Question

As many as 11 new copycats of the "LoveBug" virus have been found!

Answer

This question was answered on May 6, 2000. Much of the information contained herein may have changed since posting.

The current known variants look like one of the following:

SUBJECT: "ILOVEYOU"

MESSAGE: "kindly check the attached LOVELETTER coming from me."

ATTACHMENT: "LOVE-LETTER-FOR-YOU.TXT.vbs"

SUBJECT: "Virus ALERT!!!"

MESSAGE: A long message that pretends to be information from Symantec Corp about VBS/LoveLetter.worm

ATTACHMENT: "protect.vbs"

SUBJECT: "Dangerous Virus Warning"

MESSAGE: "There is a dangerous virus circulating Please click attached picture to view it and learn to avoid it."

ATTACHMENT: "virus_warning.jpg.vbs"

SUBJECT: "Joke"

MESSAGE: NONE

ATTACHMENT: "VeryFunny.vbs"

SUBJECT: "Important ! Read carefully !!"

MESSAGE: "Checked the attached IMPORTANT coming from me !"

ATTACHMENT: "IMPORTANT.TXT.vbs"

SUBJECT: "Mothers Day Order Confirmation"

MESSAGE: "We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special We have attached a detailed invoice to this email Please print out the attachment and keep it in a safe place.Thanks Again and Have a Happy Mothers Day!"

ATTACHMENT: " mothersday.vbs"

SUBJECT: "Susitikim shi vakara kavos puodukui..."

MESSAGE: "kindly check the attached LOVELETTER coming from me."

ATTACHMENT: "LOVE-LETTER-FOR-YOU.TXT.VBS"

This worm attempts to send copies of itself through mIRC to the IRC channels and through Outlook to all address book entries It then attempts to overwrite several types of files, including .jpg and .mp3

VBS/LoveLetter.worm also attempts to download and install an executable file that will email any cached passwords it finds to a predetermined address.

-------------------------------------------------------------------

DON'T OPEN ANY ATTACHMENTS TO AN E-MAIL MESSAGE FROM ANYONE, EVEN IF YOU TRUST THEM, UNLESS YOU KNOW EXACTLY WHAT IT IS THE FILE EXTENSION OF THIS CURRENT VIRUS OUTBREAK IS *.VBS - BUT IT MAY QUICKLY CHANGE!

From ZDNET (5/5/2000):

As many as five new strains of the "ILOVEYOU" worm have popped up just 24 hours after the first version appeared, including one labeled "fwd: Joke," and experts say many more can be expected in the coming days and weeks

Security experts from F-Secure Corp and elsewhere believe the most destructive of the lot will be the so-called "Mother's Day virus."

That strain has the subject line "Mother's Day Order Confirmation," with text that states the recipient's credit card has been charged $326.92 for a Mother's Day diamond special The e-mail urges the recipient to examine the attached invoice carefully and save it Once the fictional invoice is opened, the virus is in motion again

Richard Jacobs, president of Sophos Inc., an anti-virus software maker in Wakefield, Mass., said this strain is likely to dupe more people because of the timing -- Mother's Day is May 14 -- and because a bill is involved

The Mother's Day virus is especially nasty, Jacobs said, because instead of overriding JPEG files (as the "ILOVEYOU" worm does) it overrides and deletes BAT and INI files, which can cause more dam-age and prevent systems from booting up

"This one could be more difficult to clean up," he said

Jacobs added that more strains can be expected because anyone who receives a virus also receives the source code for it, making it easy for someone to go in, change a few words and launch a new strain

Jacobs said Sophos Inc is working to make more generic virus detection, capable of blocking the new strains before they do damage But, he acknowledged, "There is no way we can write something that detects all versions."

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on May 6, 2000