Loveletter:
Virus name | Loveletter
Operating systems | Windows 9x/2000/NT
Type | Internet-Worm and Trojan
Variants | Loveletter.A
Infection:
The virus spreads via email. The infection mail looks like this:
Subject | ILOVEYOU
Text | kindly check the attached LOVELETTER coming from me
Attachment | LOVE-LETTER-FOR-YOU.TXT.vbs
If you execute the attachment, this email is sent on to all addresses
in the Outlook address book.
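A mail-gateway style check for the attachment name described above, as an added example that is not part of the original page. The two extension sets, the function names and the sample message are assumptions made for this illustration.

```python
from email import message_from_string
from pathlib import PurePosixPath

# Script-type extensions from the page's list; blocking them is this example's assumption.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsh", ".sct", ".hta"}
# Assumption: harmless-looking extensions used as a decoy in front of the real one.
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".mp3", ".doc", ".pdf"}

def classify(filename):
    """Return 'double-extension', 'script' or None for an attachment name."""
    # Windows drops trailing dots and spaces, so "x.vbs. " is still treated as .vbs.
    suffixes = [s.lower() for s in PurePosixPath(filename.rstrip(" .")).suffixes]
    if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
        return None
    # With known extensions hidden, X.TXT.vbs is displayed as X.TXT.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "script"

def suspicious_attachments(raw_message):
    """List (filename, reason) for every flagged attachment in a raw message."""
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        reason = classify(name) if name else None
        if reason:
            findings.append((name, reason))
    return findings

# Constructed sample message; the attachment body is a placeholder, not script code.
SAMPLE = """\
From: colleague@example.com
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

kindly check the attached LOVELETTER coming from me
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

(constructed placeholder body)
--b1--
"""

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE))
```

The check looks only at the attachment name, so it also catches copies sent with a different subject or text.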
Payload:
The virus causes several kinds of damage on your system:
- The attachment is a Visual Basic script and changes registry entries
for the Kernel32 (it overwrites the WIN32.DLL, which is executed at
every boot)
- The worm changes all files on your PC which have the ending VBS,
VBE, JS, JSE, CSS, WSH, SCT, HTA, JPG, JPEG, MP3 or MP2.
- It places files in the Windows directories:
  - MSKERNEL32.VBS in Windows\System directory
  - WIN32DLL.VBS in Windows directory
  - LOVE-LETTER-FOR-YOU.TXT.vbs in Windows\System directory
  - WINFAT32.EXE in Windows\Downloaded Program Files directory
  - WIN-BUGSFIX.EXE in Windows\Downloaded Program Files directory
  - script.ini in mIRC directory
- It changes the start page of the browser in order to download a file
named WIN-BUGSFIX.EXE. This file has since been removed from the net.
- The Outlook address book is searched for email addresses, and an
infection mail is sent to every address found
Warning:
In large company networks everyone has the same global address book,
so the Exchange server has to send so many emails that it stops
working.
Protection:
Outlook users are especially at risk. If you receive an infection mail,
delete it at once. Don't open it! After receiving an infection mail,
Active Scripting should be deactivated in the browser options. After
this the mail can be marked and deleted without any damage. The mail
should not be opened, and the attachment should not be double-clicked.
Many anti-virus programs have updates on the net:
Remarks:
The worm comes from Asia and infected many companies on Thursday,
the 27th of April 2000. On the 4th of May it reached Europe and infected
the networks at Microsoft, ZDF or Siemens, for example.
Copyright
by All-About-PC. All rights reserved.