DESIGNERCOUNCIL Archives

May 2000

DesignerCouncil@IPC.ORG

Options: Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
DesignerCouncil <[log in to unmask]>
X-To:
Date:
Thu, 4 May 2000 19:53:05 +0200
Reply-To:
Content-type:
text/plain; charset=US-ASCII
Subject:
From:
Matthias Mansfeld <[log in to unmask]>
Content-transfer-encoding:
7BIT
MIME-Version:
1.0
Organization:
Matthias Mansfeld Elektronik
Comments:
Authenticated sender is <[log in to unmask]>
Parts/Attachments:
text/plain (60 lines)
If it is interesting for people who got hit from this worm and need
to desinfect their computers manually:

I got this detailed description what it does and where it makes
changes from the NTBUGTRAQ mailing list. I hope this is not too much
Off-Topic but can help somebody.

------- Forwarded Message Follows -------
Date:          Thu, 4 May 2000 13:10:48 -0400
Reply-to:      Russ <[log in to unmask]>
From:          Russ <[log in to unmask]>
Subject:       Loveletter Worm
To:            [log in to unmask]

Seems quite a few people have been hit with a new worm called
Loveletter.

I received a number of copies from infected folks, as well as several
other warnings. I opened an infected message using Outlook 2000 with
my customized zone settings (basically, everything set to prompt) and
was not prompted at all (or warned in any way.) This, of course, on a
system with no AV installed.

This means, to me at least, that infection comes as a result of
actually clicking on the attached VBS (Visual Basic Script).

Of course its possible that other email clients might automatically
invoke the script, particularly I assume HTML-based packages.

I offer, once again, my two works on dealing with email and security;

http://ntbugtraq.ntadvice.com/safemail.asp

and

http://ntbugtraq.ntadvice.com/outlookviews.asp

Neither are intended to be a complete solution. You should contact
your support group and find out what, if anything, you need to do to
ensure your anti-virus programs are up-to-date. I know that Symantec,
Datafellows, and even NAI have updated definitions available for this
latest wave.

Regardless of how much you might think someone is going to send you a
love letter, you should treat any anonymous email as you would a knock
at your door at 3:00am in the morning...

I was particularly disturbed at receiving infected messages from RSA
Security, Inc. and Xerox Corporation...oh how even the mighty can
fall.

Cheers,
Russ - NTBugtraq Editor
"dot-age" (as in "we're in the dot-age") = senility (source Webster's)
-----------------------------------------------
Matthias Mansfeld Elektronik
* Leiterplattenlayout, Bestueckung
Am Langhoelzl 11, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8
Internet: http://www.mansfeld-elektronik.de

ATOM RSS1 RSS2