SC - FW: ! URGENT Virus alert by Global Support Center
Siegfried Heydrich
baronsig at peganet.com
Thu May 4 06:50:48 PDT 2000
THIS ONE IS REAL. DO NOT OPEN ANYTHING THAT SAYS "I LOVE YOU" OR "A LOVE
LETTER FOR YOU".
Sieggy
Below is the writeup from Norton's site:
VBS.LoveLetter.A
This is an email worm, mIRC worm, and file infector.
Also known as:
Category: Worm
Infection length: 10307
Virus definitions: Pending
Threat assessment:
Damage: High
Distribution: High
Wildness: High
Wild
Number of infections: More than 1000
Number of sites: More than 10
Geographic distribution: High
Threat containment: Moderate
Removal: Moderate
Damage
Payload:
Large scale e-mailing: All the addresses in Microsoft Outlook address book
Degrades performance: May clog mail servers
Distribution
Subject of e-mail: ILOVEYOU
Name of attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
Size of attachment: 10307
Technical description:
This is a preliminary writeup. The information contained within is to
provide as much information as possible at this time.
VBS.LoveLetter.A is an email worm, mIRC worm, and a file infector.
VBS.LoveLetter.A will use Microsoft Outlook and email itself out as an
attachment with the above subject line and attachment name. The body of the
message will be
kindly check the attached LOVELETTER coming from me.
The virus will also infect files with the following extensions: vbs, vbe,
js, jse, css, wsh, sct, hta, jpg, jpeg, mp3, and mp2
The virus will insert the following files:
MSKernel32.vbs in the Windows System directory
Win32DLL.vbs in the Windows directory
LOVE-LETTER-FOR-YOU.TXT.vbs in the Windows System directory
WinFAT32.EXE in the Internet download directory
WIN-BUGSFIX.EXE in the Internet download directory
script.ini in the mIRC directory
SARC recommends Administrators filter on the attachment name and Subject
line immediately.
This writeup will be verified and formalized within the hour.
Removal:
Delete found infected files.
Write-up by: Eric Chien
Updated: May 4, 2000
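
The writeup's recommendation to filter on the attachment name and Subject line can be expressed as a small mail check. This is an added example, not part of the original message or the vendor writeup; the function names, the case-insensitive comparison and the choice to quarantine on either indicator alone are assumptions, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the writeup above.
SUBJECT = "ILOVEYOU"
ATTACHMENT = "LOVE-LETTER-FOR-YOU.TXT.vbs"


def match_indicators(raw_message: bytes) -> list:
    """Return which of the writeup's indicators a raw message matches."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    # policy.default decodes RFC 2047 encoded-words, so an encoded
    # Subject header is compared in its decoded form.
    subject = str(msg.get("Subject", "")).strip()
    if subject.casefold() == SUBJECT.casefold():
        reasons.append("subject")
    # walk() visits every MIME part, including nested multiparts.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().casefold() == ATTACHMENT.casefold():
            reasons.append("attachment")
            break
    return reasons


def should_quarantine(raw_message: bytes) -> bool:
    # Assumption: either indicator alone is enough to hold the message.
    return bool(match_indicators(raw_message))


def build_sample(subject, filename=None) -> bytes:
    """Constructed message for testing; the attachment is a placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content("kindly check the attached LOVELETTER coming from me.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for raw in (build_sample("ILOVEYOU", ATTACHMENT),
                build_sample("Feast menu", "menu.txt")):
        print(match_indicators(raw), should_quarantine(raw))
```
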