ANST-Announce - I Love You...
Pug Bainter
pug at pug.net
Thu May 4 10:54:36 PDT 2000
Good Morning,
Now is a good time for the below post. This virus is real. It is
become wide-spread *very* quickly. It has caused some mail systems to
come to their knees in addition to destroying image and sound files.
The details I have on the virus follow the regular post.
Have fun.
Ciao,
--
Phelim "Pug" Gervase | "I want to be called. COTTONTIPS. There is something
Bryn Gwlad - Ansteorra | graceful about that lady. A young woman bursting with
Dark Horde Moritu | vigor. She blinked at the sudden light. She writes
pug at pug.net | beautiful poems. When ever shall we meet again?"
Note: The views do not reflect the SCA nor the Kingdom of Ansteorra.
-------------- next part --------------
Good Morning,
The information below is good advice and please remember it before
taking *any* action.
First, don't believe every virus warning you receive. Many of them are
false but are in a format or with false creditionals that leads most
people to believe them. If you get one, please check the sites below
to see if it is valid. Many of these you will find verbatim as being
a hoax that is either new or been around many years.
Second, if you get an attachment from someone that you are not
suspecting, do not open it. Verify what the person sent you was meant
for you and what the content is.
Third, ensure that your Anti-Virus software is always current. I
actually have mine download updates daily due to the rapid discovery
of new viruses right now.
Finally, if you are in doubt, please feel free to contact me via email
at pug at pug.net before forwarding any information on. In general I will
know about many items such as this before others due to some mailing
lists that I monitor.
This message, or a modified version of it, will be posted through the
Announce list on a quarterly basis. Those list administrators who wish
to include it on their lists not included in this regular posting are
welcome to.
----
Government and security organizations:
http://ciac.llnl.gov
http://csrc.nist.gov/virus/
http://www.cert.org
Third party informational sites:
http://www.kumite.com/myths
http://www.snopes.com
http://www.urbanlegends.com
Anti-Virus vendors:
http://www.mcafee.com (http://www.mcafee.com/centers/anti-virus/)
http://www.symantec.com (http://www.symantec.com/avcenter/)
http://www.f-secure.com (http://www.f-secure.com/virus-info/)
http://www.windrivers.com/virus/index.htm
A good "how-to" for safe email practices:
http://ntbugtraq.ntadvice.com/safemail.asp
-----
I hope this information has been useful to you and you will use it
wisely.
If you know of sites that should be added to this list, please let me
know and I will include them.
Sincerely,
--
Phelim "Pug" Gervase | "I want to be called. COTTONTIPS. There is something
Bryn Gwlad - Ansteorra | graceful about that lady. A young woman bursting with
Dark Horde Moritu | vigor. She blinked at the sudden light. She writes
pug at pug.net | beautiful poems. When ever shall we meet again?"
Note: The views do not reflect the SCA nor the Kingdom of Ansteorra.
-------------- next part --------------
Date: Thu, 04 May 2000 14:43:06 +0300
To: press-english-technical at lists.datafellows.com,
press-english-interest at lists.datafellows.com,
press-pr at lists.datafellows.com,
press-english-virus-announcement at lists.datafellows.com
From: Marita Nasman-Repo <Marita.Nasman-Repo at F-Secure.com>
Subject: Media Release: F-SECURE WARNS: LOVE LETTER E-MAIL WORM might
exceed Melissa in severity
This press release comes from F-Secure. For more
information on F-Secure's mailing list policy,
see end of message.
F-SECURE WARNS: LOVE LETTER E-MAIL WORM might exceed Melissa in severity
ESPOO, Finland, May 4th, 2000 - F-Secure Corporation (formerly Data
Fellows) [HEX: FSC], a leading provider of security for mobile, distributed
enterprises, is warning e-mail users of a new destructive e-mail worm
called VBS/LoveLetter. This worm spreads by e-mailing a file called
LOVE-LETTER-FOR-YOU.TXT.vbs around. F-Secure Anti-Virus detects and
disinfects the virus, with the latest update available from www.F-Secure.com .
"This worm spreads at an amazing speed", comments Mikko Hypponen, Manager
of Anti-Virus Research at F-Secure Corporation. "We got the first report
around 9:00 a.m. on Thursday from Norway, and by 1 p.m. we had reports from
over 20 countries. We estimate that total number of infected machines is
already in tens of thousands. This epidemic might exceed Melissa in both
speed and destructiveness."
The LoveLetter worm activates by overwriting picture and music files from
the local and network drives. Files with extension JPG, JPEG, MP3 and MP2
are overwritten and will have to be restored from backups.
The worm arrives to users in e-mail message attachments called
LOVE-LETTER-FOR-YOU.TXT.vbs. On a default Windows system, the ".vbs"
extension is not visible, and users might mistake the file for a harmless
text file (.TXT). If the recipient opens the attachment, the worm will use
Microsoft Outlook (if installed) to send a message to everyone in any
address books (including global access books of the organization these
typically contains hundreds or thousands of addresses). The messages is as
follows:
From: Name-of-the-infected-user
To: Random-name-from-the-address-book
Subject: ILOVEYOU
kindly check the attached LOVELETTER coming from me.
Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
As address books typically contain group addresses, the result of executing
the VBS/LoveLetter worm inside an organization is that the first infected
user sends the message to everybody in the organization. After this, other
users open the message and send the message again to everyone else. This
quickly overloads e-mail servers.
In addition to spreading over e-mail, the worm also overwrites existing
local script and HTML files with its own code.
The worm was most likely written in the Philippines. It was first spotted
in early morning, Thursday May 4. It contains the following text:
barok -loveletter(vbe) <i hate go to school>
by: spyder / ispyder at mail.com / @GRAMMERSoft
Group / Manila,Philippines
VBS/LoveLetter is written in the VBScript language. By default, programs
written in VBScript operate only under Windows 98 and Windows 2000.
However, Windows 95 and NT 4 users are also vulnerable, if they have
installed version 5 of Microsoft Internet Explorer.
A technical description of the virus is available in the F-Secure virus
description database at: http://www.F-Secure.com/v-descs/love.htm
Sample pictures of e-mail messages generated by VBS/LoveLetter are
available in the F-Secure virus screenshots center at:
http://www.F-Secure.com/virus-info/v-pics/
About F-Secure Corporation
F-Secure Corporation is a leading developer of centrally managed security
solutions for the mobile, distributed enterprise. The company offers a full
range of award-winning integrated anti-virus, file encryption, distributed
firewall and VPN solutions. F-Secure products and the underlying policy
management framework enable corporate IT departments as well as service
providers to deliver Security as a Service(tm). For the end-user, Security
as a Service is invisible, automatic, reliable, always-on, and up-to-date.
For the administrator, Security as a Service means policy-based management,
instant alerts, and centralized management of a widely-distributed user base.
Founded in 1988, F-Secure is listed on the Helsinki Stock Exchange [HEX:
FSC]. The company is headquartered in Espoo, Finland with North American
headquarters in San Jose, California, as well as offices in Canada, China
(Hong Kong and Beijing), France, Germany, Japan, Sweden and the United
Kingdom. F-Secure is supported by a network of VARs and Distributors in
over 90 countries around the globe.
For more information, please contact
USA:
F-Secure Inc.
Mr. Dan Takata, Manager, Training Division, Professional Services
675 N. First Street, 5th Floor
San Jose, CA 95112
Tel. +1 408 938 6700,
Fax +1 408 938 6701
e-mail Dan.Takata at F-Secure.com
Finland:
F-Secure Corporation
Mr. Mikko Hypponen, Manager, Anti-Virus Research.
PL 24
FIN-02231 ESPOO
Tel +358 9 8599 0513
Fax +358 9 8599 0599
E-mail: Mikko.Hypponen at F-Secure.com
http://www.F-Secure.com/
Note to Editors: Further technical information and a screenshot of the
virus is available at:
http://www.F-Secure.com/virus-info/v-pics/
Mailing list policy
You have previously expressed interest in our products, or have asked
to be included on one of our press release lists by personally giving us
your e-mail address for this purpose.Our mailing list are for the
exclusive use and the expressed purpose of F-Secure and are not
sold or or given to third parties.
If you no longer wish to receive our press releases, or your email address
has been added to our lists without your consent, you can unsubscribe at
http://www.F-Secure.com/news/subscribe.html
If you only wish to receive our press releases concerning viruses,
please go to
http://www.F-Secure.com/news/subscribe.html
and first unsubscribe from
press-english-interest at lists.F-Secure.com
and then subscribe to
press-english-virus-announcement at lists.F-Secure.com
________________________________________________
Marita Nasman-Repo tel: +358 9 8599 0613
Communicator fax : +358 9 8599 0599
mobile: +358 40 517 4613
F-Secure Corporation http://www.F-Secure.com
F-Secure products: Security for the mobile, distributed enterprise
__________________________________________________
More information about the Northern
mailing list