OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ebxml-requirements message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Nasty Virus - Re: Listserv problems; Unsubcsribe Instructio

Since we are talking about Listserve problems, I thought it might be
worthwhile to pass this along just in anyone hasn't heard this yet.  If
you receive a message entitled "I LOVE YOU" - delete it immediately.  It
only effects Windows Outlook users.  Mail servers are down everywhere
because of this virus. I have received 6 messages so far this morning,
mostly from listserves. I am attaching a CSRT alert.

VBS.LoveLet  Vandal

A new VBScript worm vandal is circulating right now. It has already infected
tens of thousands of PCs
around the world, all in a matter of hours and has caused many mail servers
to crash.

The vandal is called VBS.LoveLet (Or VBS.ILoveYou.Worm).

The most important thing right now is not to open any e-mail with the
subject: "I love you"
or "ILOVEYOU" or "love letter for you" or a variant of that text. 

The e-mail contains a VisualBasicScript named "LOVE-LETTER-FOR-YOU.vbs" that
arrives as an e-mail
attachment. It can sometimes arrive with a TXT, JPG, MP3 or other extensions
as well (this is called
"double extension") which makes it look more innocent, however it is just as
dangerous. This vandal
can also spread using mIRC chat programs.

The vandal activity:
1. Attempt to send itself to all the e-mails in the address book.
2. On Windows 98 machines it will attempt to download and execute a virus
named "WIN-BUGSFIX.exe" from several web sites.
3. It will set the homepage of Internet Explorer to a blank page.
4. It will search all the connected drives and infect VBScript, JavaScript,
JScript, and the following
   file types vbs, vbe, js, jse, css, wsh, sct, hta
5. It will search for all mp3, mp2, jpg, and jpeg files, create a VBS file
with the infected file name
   and a VBS extension. For example, if it finds a file named mysong.mp3 it
will create an infected file
   with the name mysong.mp3.vbs. If this file is run it will infect the
6. It will try to send an infected HTML file, named
"LOVE-LETTER-FOR-YOU.htm" to mIRC clients.


1. Do not open an e-mail with the subject line: "ILoveYou", "ILOVEYOU" or
"love letter for you". The body
   of the message will say " kindly check the attached LOVELETTER coming
from me.".

2. If you suspect you were infected, search and delete the following files:

WinFAT32.exe in Windows download directory
WIN-BUGSFIX.exe in Windows download directory
script.ini in the mIRC

3. eSafe Gateway users should filter the attachment with "VBS" extensions.
Also block mails with the subject
   lines  "ILoveYou", "ILOVEYOU" or "love letter for you".

4. eSafe Enterprise and Desktop customers should download HOT Update that
will be posted on
   www.esafe.com/update.html website.

Aladdin CSRT - Content Security Response Team

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Search: Match: Sort by:
Words: | Help

Powered by eList eXpress LLC