ANST-Announce - I Love You...

Pug Bainter pug at pug.net
Thu May 4 10:54:36 PDT 2000


Good Morning,

  Now is a good time for the below post. This virus is real. It has
  become wide-spread *very* quickly. It has caused some mail systems to
  come to their knees in addition to destroying image and sound files.

  The details I have on the virus follow the regular post.

  Have fun.

Ciao,

-- 
Phelim "Pug" Gervase   | "I want to be called. COTTONTIPS. There is something 
Bryn Gwlad - Ansteorra |  graceful about that lady. A young woman bursting with 
Dark Horde Moritu      |  vigor. She blinked at the sudden light. She writes
pug at pug.net            |  beautiful poems. When ever shall we meet again?"
  Note: The views do not reflect the SCA nor the Kingdom of Ansteorra.
-------------- next part --------------
Good Morning,

  The information below is good advice and please remember it before
  taking *any* action.

  First, don't believe every virus warning you receive. Many of them are
  false but are in a format or with false credentials that lead most
  people to believe them. If you get one, please check the sites below
  to see if it is valid. Many of these you will find verbatim as being
  a hoax that is either new or been around many years.

  Second, if you get an attachment from someone that you are not
  suspecting, do not open it. Verify what the person sent you was meant
  for you and what the content is.

  Third, ensure that your Anti-Virus software is always current. I
  actually have mine download updates daily due to the rapid discovery
  of new viruses right now.

  Finally, if you are in doubt, please feel free to contact me via email
  at pug at pug.net before forwarding any information on. In general I will
  know about many items such as this before others due to some mailing
  lists that I monitor.

  This message, or a modified version of it, will be posted through the
  Announce list on a quarterly basis. Those list administrators who wish
  to include it on their lists not included in this regular posting are
  welcome to.

----
Government and security organizations:

http://ciac.llnl.gov
http://csrc.nist.gov/virus/
http://www.cert.org


Third party informational sites:

http://www.kumite.com/myths
http://www.snopes.com
http://www.urbanlegends.com


Anti-Virus vendors:

http://www.mcafee.com               (http://www.mcafee.com/centers/anti-virus/)
http://www.symantec.com             (http://www.symantec.com/avcenter/)
http://www.f-secure.com             (http://www.f-secure.com/virus-info/)
http://www.windrivers.com/virus/index.htm


A good "how-to" for safe email practices:

http://ntbugtraq.ntadvice.com/safemail.asp
-----

  I hope this information has been useful to you and you will use it
  wisely.

  If you know of sites that should be added to this list, please let me
  know and I will include them.


Sincerely,

--
Phelim "Pug" Gervase   | "I want to be called. COTTONTIPS. There is something 
Bryn Gwlad - Ansteorra |  graceful about that lady. A young woman bursting with 
Dark Horde Moritu      |  vigor. She blinked at the sudden light. She writes
pug at pug.net            |  beautiful poems. When ever shall we meet again?"
  Note: The views do not reflect the SCA nor the Kingdom of Ansteorra.
-------------- next part --------------
Date: Thu, 04 May 2000 14:43:06 +0300
To: press-english-technical at lists.datafellows.com,
        press-english-interest at lists.datafellows.com,
        press-pr at lists.datafellows.com,
        press-english-virus-announcement at lists.datafellows.com
From: Marita Nasman-Repo <Marita.Nasman-Repo at F-Secure.com>
Subject: Media Release: F-SECURE WARNS: LOVE LETTER E-MAIL WORM might
  exceed Melissa in severity 


This press release comes from F-Secure. For more
information on F-Secure's mailing list policy,
see end of message.

F-SECURE WARNS: LOVE LETTER E-MAIL WORM might exceed Melissa in severity

ESPOO, Finland, May 4th, 2000 - F-Secure Corporation (formerly Data 
Fellows) [HEX: FSC], a leading provider of security for mobile, distributed 
enterprises, is warning e-mail users of a new destructive e-mail worm 
called VBS/LoveLetter. This worm spreads by e-mailing a file called 
LOVE-LETTER-FOR-YOU.TXT.vbs around. F-Secure Anti-Virus detects and 
disinfects the virus, with the latest update available from www.F-Secure.com.

"This worm spreads at an amazing speed", comments Mikko Hypponen, Manager 
of Anti-Virus Research at F-Secure Corporation. "We got the first report 
around 9:00 a.m. on Thursday from Norway, and by 1 p.m. we had reports from 
over 20 countries. We estimate that the total number of infected machines is 
already in tens of thousands. This epidemic might exceed Melissa in both 
speed and destructiveness."

The LoveLetter worm activates by overwriting picture and music files from 
the local and network drives. Files with extension JPG, JPEG, MP3 and MP2 
are overwritten and will have to be restored from backups.

The worm arrives to users in e-mail message attachments called 
LOVE-LETTER-FOR-YOU.TXT.vbs. On a default Windows system, the ".vbs" 
extension is not visible, and users might mistake the file for a harmless 
text file (.TXT). If the recipient opens the attachment, the worm will use 
Microsoft Outlook (if installed) to send a message to everyone in any 
address books (including global access books of the organization - these 
typically contain hundreds or thousands of addresses). The message is as 
follows:

      From:       Name-of-the-infected-user
      To:           Random-name-from-the-address-book
      Subject:    ILOVEYOU

     kindly check the attached LOVELETTER coming from me.

     Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs

As address books typically contain group addresses, the result of executing 
the VBS/LoveLetter worm inside an organization is that the first infected 
user sends the message to everybody in the organization. After this, other 
users open the message and send the message again to everyone else. This 
quickly overloads e-mail servers.

In addition to spreading over e-mail, the worm also overwrites existing 
local script and HTML files with its own code.

The worm was most likely written in the Philippines. It was first spotted 
in early morning, Thursday May 4. It contains the following text:

       barok -loveletter(vbe) <i hate go to school>
       by: spyder  /  ispyder at mail.com  /  @GRAMMERSoft Group  /  Manila,Philippines

VBS/LoveLetter is written in the VBScript language. By default, programs 
written in VBScript operate only under Windows 98 and Windows 2000. 
However, Windows 95 and NT 4 users are also vulnerable, if they have 
installed version 5 of Microsoft Internet Explorer.

A technical description of the virus is available in the F-Secure virus 
description database at: http://www.F-Secure.com/v-descs/love.htm

Sample pictures of e-mail messages generated by VBS/LoveLetter are 
available in the F-Secure virus screenshots center at: 
http://www.F-Secure.com/virus-info/v-pics/

About F-Secure Corporation

F-Secure Corporation is a leading developer of centrally managed security 
solutions for the mobile, distributed enterprise. The company offers a full 
range of award-winning integrated anti-virus, file encryption, distributed 
firewall and VPN solutions. F-Secure products and the underlying policy 
management framework enable corporate IT departments as well as service 
providers to deliver Security as a Service(tm). For the end-user, Security 
as a Service is invisible, automatic, reliable, always-on, and up-to-date. 
For the administrator, Security as a Service means policy-based management, 
instant alerts, and centralized management of a widely-distributed user base.

Founded in 1988, F-Secure is listed on the Helsinki Stock Exchange [HEX: 
FSC]. The company is headquartered in Espoo, Finland with North American 
headquarters in San Jose, California, as well as offices in Canada, China 
(Hong Kong and Beijing), France, Germany, Japan, Sweden and the United 
Kingdom. F-Secure is supported by a network of VARs and Distributors in 
over 90 countries around the globe.

For more information, please contact

USA:
F-Secure Inc.
Mr. Dan Takata, Manager, Training Division, Professional Services
675 N. First Street, 5th Floor
San Jose, CA 95112
Tel. +1 408 938 6700,
Fax  +1 408 938 6701
e-mail Dan.Takata at F-Secure.com

Finland:
F-Secure Corporation
Mr. Mikko Hypponen, Manager, Anti-Virus Research.
PL 24
FIN-02231 ESPOO
Tel +358 9 8599 0513
Fax +358 9 8599 0599
E-mail: Mikko.Hypponen at F-Secure.com

http://www.F-Secure.com/

Note to Editors: Further technical information and a screenshot of the 
virus is available at:
http://www.F-Secure.com/virus-info/v-pics/


Mailing list policy

You have previously expressed interest in our products, or have asked
to be included on one of our press release lists by personally giving us
your e-mail address for this purpose. Our mailing lists are for the
exclusive use and the expressed purpose of F-Secure and are not
sold or given to third parties.

If you no longer wish to receive our press releases, or your email address
has been added to our lists without your consent, you can unsubscribe at
http://www.F-Secure.com/news/subscribe.html

If you only wish to receive our press releases concerning viruses,
please go to
http://www.F-Secure.com/news/subscribe.html
and first unsubscribe from
press-english-interest at lists.F-Secure.com
and then subscribe to
press-english-virus-announcement at lists.F-Secure.com

________________________________________________

  Marita Nasman-Repo             tel:    +358 9 8599 0613
  Communicator           fax :   +358 9 8599 0599
                                 mobile: +358 40 517 4613

  F-Secure Corporation   http://www.F-Secure.com

  F-Secure products: Security for the mobile, distributed enterprise
__________________________________________________
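
Added example (not part of the original post or of the F-Secure release): a mail-gateway style check for the disguise described above, where a script extension such as .vbs hides behind a harmless-looking one such as .TXT once Windows hides known extensions. The extension lists, the function names and the sample message are constructed for illustration.

```python
import email
from email import policy

# Extensions Windows hands to a script host or loader (illustrative, not exhaustive).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta", "scr", "pif", "bat", "cmd", "exe"}

# Extensions a user reads as harmless documents or media (illustrative).
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "jpeg", "gif", "mp3", "htm", "html"}

# Constructed sample shaped like the message quoted in the press release.
SAMPLE = """\
From: infected.user@example.org
To: someone@example.org
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

kindly check the attached LOVELETTER coming from me.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

constructed placeholder body, not worm code
--b1--
"""

def classify(filename):
    """Return 'masquerade', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # With known extensions hidden, the user sees only parts[:-1].
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "masquerade"
    return "executable"

def scan(raw_message):
    """List (filename, verdict) for every named MIME part that is not 'ok'."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name and classify(name) != "ok":
            findings.append((name, classify(name)))
    return findings
```

A gateway would quarantine "masquerade" hits outright and hold plain "executable" hits for review.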


