"Love" Worm alert!
My friend got infected with with a worm and it was nice enough to send itself to me. It's a dead giveaway to people who are used to these things (vbs file, odd message body, etc) but some people may not recognize it.
My friend got infected with with a worm and it was nice enough to send itself to me. It's a dead giveaway to people who are used to these things (vbs file, odd message body, etc) but some people may not recognize it. If you get an email with "love" in it and an attachment, delete it. Also, contact the sender as they need to know about it. If you REALLY want to know what it does, you can SAVE it to you desktop, right click on it and choose EDIT. Then you can read all the shiny new reg keys it creates. I don't recommend it if you don't need to know how it works, but I have to see what it does so I can stay up with it if it makes it way into some of my client machines. You have been warned.
------------------
Regards,
clutch
------------------
Regards,
clutch
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Man, did it hit us, and HARD!!! Was working till 3 AM last night fixing this. The company I work for host alot of dot.com e-commerce sites and alot of them were infected. I just hope they catch the little geek who caused all this and.....(you can make up your own torture and insert it here)
------------------
Celeron 300A@450, Abit BH6, 160 RAM, Seagate Barracuda 20.4gig 7.2k rpm UDMA66, Modified Promise ultra66 turned into a Fasttrack hack, 48x Lite-on CDROM
Diamond v770 tnt2 16 meg, Voodoo2 8, meg, 17"Daytek
------------------
Celeron 300A@450, Abit BH6, 160 RAM, Seagate Barracuda 20.4gig 7.2k rpm UDMA66, Modified Promise ultra66 turned into a Fasttrack hack, 48x Lite-on CDROM
Diamond v770 tnt2 16 meg, Voodoo2 8, meg, 17"Daytek
I heard it may have been a Woman... Might explain the ILOVEYOU Subject header..!!!
Anyhow, it hit our Exchange Server, but thankfully no one ran it..
I've since set up a rule in exchange to send *.VBS files to another folder for me to vet, and have disabled the .VBS ext in file types...
This is not funny... It wasn't the worse virus I've ever seen.. The win32.CIH virus was perhaps worse in what it did... This was just a pain in the ass as it attacked multi-media files and took up time on e-mail servers.. It was a ***** it tried to download the password grabber as well...
But looking into the code, I was amazed at how simple it really was... The reg entries were a work of art..!!!
Good VBS code work, but still very wrong...
Anyhow, it hit our Exchange Server, but thankfully no one ran it..
I've since set up a rule in exchange to send *.VBS files to another folder for me to vet, and have disabled the .VBS ext in file types...
This is not funny... It wasn't the worse virus I've ever seen.. The win32.CIH virus was perhaps worse in what it did... This was just a pain in the ass as it attacked multi-media files and took up time on e-mail servers.. It was a ***** it tried to download the password grabber as well...
But looking into the code, I was amazed at how simple it really was... The reg entries were a work of art..!!!
Good VBS code work, but still very wrong...
