[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Nasty Virus - Re: Listserv problems; Unsubcsribe Instructio
Since we are talking about Listserve problems, I thought it might be worthwhile to pass this along just in anyone hasn't heard this yet. If you receive a message entitled "I LOVE YOU" - delete it immediately. It only effects Windows Outlook users. Mail servers are down everywhere because of this virus. I have received 6 messages so far this morning, mostly from listserves. I am attaching a CSRT alert. CSRT ALERT VBS.LoveLet Vandal A new VBScript worm vandal is circulating right now. It has already infected tens of thousands of PCs around the world, all in a matter of hours and has caused many mail servers to crash. The vandal is called VBS.LoveLet (Or VBS.ILoveYou.Worm). The most important thing right now is not to open any e-mail with the subject: "I love you" or "ILOVEYOU" or "love letter for you" or a variant of that text. The e-mail contains a VisualBasicScript named "LOVE-LETTER-FOR-YOU.vbs" that arrives as an e-mail attachment. It can sometimes arrive with a TXT, JPG, MP3 or other extensions as well (this is called "double extension") which makes it look more innocent, however it is just as dangerous. This vandal can also spread using mIRC chat programs. The vandal activity: 1. Attempt to send itself to all the e-mails in the address book. 2. On Windows 98 machines it will attempt to download and execute a virus named "WIN-BUGSFIX.exe" from several web sites. 3. It will set the homepage of Internet Explorer to a blank page. 4. It will search all the connected drives and infect VBScript, JavaScript, JScript, and the following file types vbs, vbe, js, jse, css, wsh, sct, hta 5. It will search for all mp3, mp2, jpg, and jpeg files, create a VBS file with the infected file name and a VBS extension. For example, if it finds a file named mysong.mp3 it will create an infected file with the name mysong.mp3.vbs. If this file is run it will infect the system. 6. It will try to send an infected HTML file, named "LOVE-LETTER-FOR-YOU.htm" to mIRC clients. Actions 1. Do not open an e-mail with the subject line: "ILoveYou", "ILOVEYOU" or "love letter for you". The body of the message will say " kindly check the attached LOVELETTER coming from me.". 2. If you suspect you were infected, search and delete the following files: MSKernel32.vbs Win32DLL.vbs LOVE-LETTER-FOR-YOU.vbs LOVE-LETTER-FOR-YOU.htm WinFAT32.exe in Windows download directory WIN-BUGSFIX.exe in Windows download directory script.ini in the mIRC 3. eSafe Gateway users should filter the attachment with "VBS" extensions. Also block mails with the subject lines "ILoveYou", "ILOVEYOU" or "love letter for you". 4. eSafe Enterprise and Desktop customers should download HOT Update that will be posted on www.esafe.com/update.html website. Aladdin CSRT - Content Security Response Team
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC