If it is interesting for people who got hit from this worm and need
to desinfect their computers manually:
I got this detailed description what it does and where it makes
changes from the NTBUGTRAQ mailing list. I hope this is not too much
Off-Topic but can help somebody.
------- Forwarded Message Follows -------
Date: Thu, 4 May 2000 13:10:48 -0400
Reply-to: Russ <[log in to unmask]>
From: Russ <[log in to unmask]>
Subject: Loveletter Worm
To: [log in to unmask]
Seems quite a few people have been hit with a new worm called
Loveletter.
I received a number of copies from infected folks, as well as several
other warnings. I opened an infected message using Outlook 2000 with
my customized zone settings (basically, everything set to prompt) and
was not prompted at all (or warned in any way.) This, of course, on a
system with no AV installed.
This means, to me at least, that infection comes as a result of
actually clicking on the attached VBS (Visual Basic Script).
Of course its possible that other email clients might automatically
invoke the script, particularly I assume HTML-based packages.
I offer, once again, my two works on dealing with email and security;
http://ntbugtraq.ntadvice.com/safemail.asp
and
http://ntbugtraq.ntadvice.com/outlookviews.asp
Neither are intended to be a complete solution. You should contact
your support group and find out what, if anything, you need to do to
ensure your anti-virus programs are up-to-date. I know that Symantec,
Datafellows, and even NAI have updated definitions available for this
latest wave.
Regardless of how much you might think someone is going to send you a
love letter, you should treat any anonymous email as you would a knock
at your door at 3:00am in the morning...
I was particularly disturbed at receiving infected messages from RSA
Security, Inc. and Xerox Corporation...oh how even the mighty can
fall.
Cheers,
Russ - NTBugtraq Editor
"dot-age" (as in "we're in the dot-age") = senility (source Webster's)
-----------------------------------------------
Matthias Mansfeld Elektronik
* Leiterplattenlayout, Bestueckung
Am Langhoelzl 11, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8
Internet: http://www.mansfeld-elektronik.de
|