some more info on the virus

From: jero@souljazz.com
Date: Thu May 04 2000 - 18:18:23 MET DST


    Info from: http://www.sophos.com/virusinfo/analyses/vbsloveleta.html (which can't be reached due to the virus at the moment)

    The attachment is called "LOVE-LETTER-FOR-YOU.TXT.vbs", which has a "double extension". Mailers which suppress well-known extensions such as .vbs may present this file as "LOVE-LETTER-FOR-YOU.TXT", which appears more innocent. Do not be misled by a trick like this.

     Because the virus arrives in a VBS file, it requires the Windows Scripting Host (WSH) in order to work. If you disable WSH, the viral attachment will be rendered harmless.

    The virus also drops an HTM file which can spread the virus, and a mIRC script which tries to distribute it. It also tries to download a file called WIN-BUGSFIX.exe from the internet, and injects two copies of its VBS script into the system directory where they are executed each time the computer reboots.

    The email component of the virus requires Microsoft Outlook to work. If you are using Outlook it will try to send itself to each entry in your Windows Address Book. Note that following the Sophos Guidelines for Safe Hex will render you almost immune to this attack. If you do not read unusual or unlikely emails and if you have disabled the WSH, then you are unlikely to become infected.

    Note by Jeroen: the winbug-exe file has been removed from the server, so that part of the danger is gone.

    cheers,

    J.
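
Added example, not part of the original message or of the Sophos analysis: a check a mail filter could run on attachment names to catch the "double extension" trick described above, and to show what a client that hides well-known extensions would display. The extension lists and the function names are assumptions made for this example.

```python
import ntpath

# Assumed policy lists for this example; extend them to match local policy.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
               ".exe", ".scr", ".pif", ".bat", ".cmd", ".com"}
DECOY_EXTS = {".txt", ".doc", ".xls", ".jpg", ".gif", ".htm", ".html", ".pdf"}


def _split(filename):
    """Return (stem, lower-cased final extension) of a Windows-style name."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    base = ntpath.basename(filename).rstrip(" .")
    stem, ext = ntpath.splitext(base)
    return stem, ext.lower()


def displayed_name(filename):
    """Name as shown by a client that suppresses the final, known extension."""
    stem, ext = _split(filename)
    return stem if ext in SCRIPT_EXTS else stem + ext


def classify(filename):
    """Return 'double-extension', 'script' or 'ok' for an attachment name."""
    stem, ext = _split(filename)
    if ext not in SCRIPT_EXTS:
        return "ok"
    inner = ntpath.splitext(stem)[1].lower()
    return "double-extension" if inner in DECOY_EXTS else "script"


def review(names):
    """Return (name, verdict, displayed name) for every name that is not 'ok'."""
    return [(n, classify(n), displayed_name(n))
            for n in names if classify(n) != "ok"]


# Constructed sample input; only the first name comes from the message above.
SAMPLE = ["LOVE-LETTER-FOR-YOU.TXT.vbs", "notes.txt", "update.vbs"]

if __name__ == "__main__":
    for name, verdict, shown in review(SAMPLE):
        print(f"{verdict:17} {name!r} is displayed as {shown!r}")
```
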


