[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Virus Alert - "I LOVE YOU"



PureBytes Links

Trading Reference Links

> This far it seems to affect outlook (express) users.<

I hate to repeat it but that's a hoax. It affects any PC/mainframe capable to execute VBS files,
(eg Win98/NT/2K, IE4+, Apple, HTML, ASP etc{thus the entire Unix-ed internet} since all rely for VBS
on WSH or Cscript.exe or Wscript.exe) and in combination with any mailprogram capable
to receive attachments, ofcourse.

Do not say that Listers weren't warned up front here. That this could happen to anyone, whatever
the setup (above) or protection (below).
Note too that it is also not a Windows leak(before we get any plain stupid mails on that subject)
since that any OS's can be influenced in this same manner, since their all based on commands.
And too, that basically, protection cannot be written for catastrophic "hic ups" like this.

---------------------------------------------------------------------
Its funny to also note how all AV programs weren't capable to catch this very simplistic Trojan.
F-Secure came closest, eg it did signal something to the extend that a "scriptable file is attached", but
all other AV's clearly fell through (and through their allready sqeeky knees).

Around 09:00 this morning I received at work the 1st mail.
If I wanted "to check the "ILOVEYOU' message".

1) How stupidly put a one-liner can be...........{the word 'attachment' was left out from the above line}
2) How stupid that catch in that one-liner can be (many guys have thought that just liked that they
     had turned into "beautifull" lover-boy Romeo, and clicked attachment.............)
3) Attachment was a VBS file, which is basicaly a plain ASCII txt file now turned vbs, filled for contents
     with executable script statements.
4) That extension alone should have ALL alarm-bells going off, and especialy "if being attached" to a mail
5) Than reading the contents, eg you could have saved attachment as txt and read it using NotePad,
     where I by default always use QVP
6) Commands in script statements were having funny comments added to them:
     "Win opens win when user must click....."
7) I know that my English is "languaged", but that one liner was just (only the start of continuous) bad vocabulary
8) Then the calls for the Registry info and later storing in Variables should for the n'th time have the Alarm bells going..........
9) Then the continues repetativeness in calling the Registry over and over again alone should have the Alarms going
10) Then the Registry call's for the used OS "system" checks and loops should have finaly fired any Alarm bell

At 09:05 I replied to "Everyone" (eg a basic "Re: ...." reply mail, without any attachments), informing about the virus
               and to not to click the content..................

{in the mean time more of the exact same Love-mails from different senders were flying in}

11) Which had eroused even more guys (but also plainly had all the girls) click the mail's contents

At 09:12 I finaly received a mail from the SYSMNGMNT dep that a virusmail was being received and blah blah blah
                not to click contents

{naturaly plenty more lovemails flew in}

And finaly, at 09:20 the Mail server collapsed

Up till 18:00, when I left, the Mail server wasn't ever up in the air, blocking a day's "Daily trading Business"
------------------------------------------------------------------------------------------------------

Thus, like mentioned on List several times before, you yourselve are the best AV protection around
(eg and with the support of QVP).

Regards,
Ton Maas
ms-irb@xxxxxxxxxxxxxxxx
Dismiss the ".nospam" bit (including the dot) when replying.
Homepage  http://home.planet.nl/~anthmaas


----- Original Message -----
From: "Henry Amand" <back@xxxxxxxxxxx>
To: "metastock list" <metastock@xxxxxxxxxxxxx>
Sent: donderdag 4 mei 2000 16:31
Subject: Virus Alert - "I LOVE YOU"


> There is a virus called " I LOVE YOU" which is making the rounds.
>
> If you receive an e-mail wich has an atachement saying
> i love you.txt do not open.
>
>
> For validation that thsi warning is for real
>
>
> www.datafellows.com
>
> www.avp.ch
>
> both anti virus program makers.
>
> The Virus spreads itself same way as melissa did. It sends
> an e-mail to everyone in your adress book. This far
> it seems to affect outlook (express) users.
>
> greetings
>
> henry
>
>