"Love Bug" virus

Status
Not open for further replies.

chiph

Programmer
Jun 9, 1999
9,878
US
The office here has been hit by an email virus that has "ILOVEYOU" in the subject line. Don't open or preview any emails with this subject if you're using MSOutlook and/or the Windows Scripting engine (which I think is installed by MSIE-5). I've been lucky (no accidental double-clicks!), but you may want to be on your guard, as it seems to be worldwide (I got one copy from a guy I know in France).

The virus writes an entry into the registry to start itself up after a reboot. If you are running NT, you can kill the task called "MSKernel32.vbs", but you will need to edit the registry key at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" to stop it for good. It also modifies the home page for your copy of Internet Explorer to point to one of four randomly chosen URLs, so you'll have to also edit the registry key at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main", value "Start Page" -- change it to "about:blank" to disable the undesired home page destination.

A coworker has found out that it also attempts to send faxes to everyone you know (should you have a faxmodem). I suspect it will make use of network fax devices, too. One of the nastier things it does is replace all .mp3 and .jpg files with copies of itself.

CNN is reporting that this virus has shut down the computers at the British House Of Commons, and the Danish Parliament. They quoted an expert (not me, obviously!) that it's spreading as fast or faster than Melissa, since it doesn't limit itself to the first 50 address-book entries like Melissa did. One person here at work inadvertently sent out 165 copies.

Chip H.
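The registry check and cleanup described in the post above, as an added PowerShell example that is not part of the original thread. It matches Run values by the script name the post gives; resetting the start page only when such a Run value is found is an assumption of this example, since the post does not list the four URLs.

```powershell
# Added example: audit (and with -Fix, repair) the two HKCU locations named in the post.
param([switch]$Fix)

$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$mainKey = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$marker  = 'MSKernel32.vbs'   # script name given in the post

function Get-SuspectRunValue {
    # Return every value under $Path whose data mentions $Pattern.
    param([string]$Path, [string]$Pattern)
    if (-not (Test-Path -Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -like "*$Pattern*") {
            [pscustomobject]@{ Name = $name; Data = $data }
        }
    }
}

$hits = @(Get-SuspectRunValue -Path $runKey -Pattern $marker)
$startPage = (Get-ItemProperty -Path $mainKey -Name 'Start Page' `
              -ErrorAction SilentlyContinue).'Start Page'

if ($hits.Count -eq 0) {
    Write-Output "No Run value references $marker."
} else {
    $hits | ForEach-Object { Write-Output "Run value '$($_.Name)' -> $($_.Data)" }
}
Write-Output "IE Start Page is currently: $startPage"

if ($Fix -and $hits.Count -gt 0) {
    foreach ($h in $hits) {
        # The unnamed (default) value has an empty name; report it, do not guess.
        if ($h.Name) {
            Remove-ItemProperty -Path $runKey -Name $h.Name
            Write-Output "Removed Run value '$($h.Name)'."
        } else {
            Write-Output "Default Run value matches; clear it by hand."
        }
    }
    # Assumption: a matching Run value means the start page was changed too.
    Set-ItemProperty -Path $mainKey -Name 'Start Page' -Value 'about:blank'
    Write-Output "Start Page reset to about:blank."
}
```

Run it without arguments to report only; the changes apply to the current user's hive, so it has to be run in each affected user's session.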
 
There's a CERT advisory - "CERT Advisory CA-2000-04 Love Letter Worm" - available at … also a clean up program available from … been lucky enough (so far...) not to have been hit by this, so I've not had chance to try the cleanup program on an infected system. I've run it on my uninfected home system, and it doesn't seem to have had any detrimental effects yet :)

HTH.
 
Symantec, and some Norwegian anti-virus company have posted updated signature files.

Chip H.
 
Since this is a vbscript, microsoft should be at fault, a vbscript is nothing more than a txt file, when outlook or IE sees this extension it automatically interprets the vbscript. this basically means if I type in a text file the Visual Basic command to delete a few files, and renamed the extension to vbs, IE or outlook would do it, so it brings me to my second point, why can't microsoft, like many other companies (especially for java) put in code checks that identify rather destructive commands, where it asks the user if he or she wants to continue with the script, explaining some of the content of the commands.

Karl
kb244@kb244.8m.com
Experienced in, or have messed with: VC++, Borland C++ Builder, VJ++6 (starting), VB-Dos, VB1 thru VB6, Delphi 3 pro, Borland C++ 3 (DOS), Borland C++ 4.5, HTML, ASP (somewhat), QBasic (least i didn't start with COBOL)
 
The lack of safety of OCXs and VB Scriptlets has been at the core of the Java vs. Microsoft discussion.

The Java camp's argument is that the Microsoft technologies aren't safe, and allow a malicious piece of code to damage a user's machine. Microsoft's position has been that developers want the power their tools give them, and that users should be more careful about what they run.

My position is somewhere in the middle, but tending towards the Java side of things. There was a guy who wrote a signed OCX (as a demonstration only), that when you went to his web site, would power off your PC (via the ACPI programming interface). Obviously, someone being able to power off your PC without your hitting the button is a problem. MS got peeved at him (no surprise) and asked Verisign to revoke his certificate (which they did).

I'm in favor of what I call "Digital Diversity", where people run different kinds/brands of software in order to prevent 90% of the world's computers (the percent running Windows) being vulnerable to a virus. Comparisons to the biological world are easy -- if everyone grew a certain type of engineered wheat, then a virus could come along and wipe out the world's supply very easily, since the wheat would have no defenses. But if there were several different kinds of wheat being grown, then a virus wouldn't be able to destroy the entire crop, only a small part of it.

Chip H.
 
OCX are different, they're compiled works, Java is not compiled, it is interpreted (according to microsoft tho, with their Java VM, it downloads the Java's ByteCode, then compiles it into native windows language) so Java being interpreted can still show commands that could be harmful, and besides Java is supposed to be universal, one of the major aspects of the applet is that they have absolutely no permission to the user's file system. and OCX is compiled, like any other exe, or software, but Vbscript is interpreted just like Java, only vbscript has almost no limitations, and almost no security check, I agree with everything you are saying except for the OCX in concept.

Karl
kb244@kb244.8m.com
 
I would gladly go to a different operating system (except macs eww) but problem is too many resources are being dumped into microsoft, support or even user-friendliness lacks in other operating systems. I have noticed bill gates' side of this I Love you script, his statement was if we force microsoft to split the company making security fixes for such viruses would be harder to obtain, which in my opinion would just be bull, but how do we know that M$ didn't create this virus themselves as an example of why we "need" them, or better yet why couldn't microsoft work on the simple measures of security in some of the most recent problems, and have you noticed some of the best viruses so far have been those that used M$ outlook or word to help them along, in either VBscript, or as a Macro. The point is that microsoft's own software executes the command to terminate, shut off, delete etc, not the virus itself, because the virus is only a set of commands, not a compiled machine code itself.

Karl
kb244@kb244.8m.com
 
Hehe - I had to comment on the Bill Gates quote you mention... Microsoft put VBA into all the Office programs, and reviewers said "Hmmm... nice idea, but what if someone sends me a document with some VBA that will format my HD? Or at least delete a few files."

Shortly after it was revealed that the first VBA macro virus was being shipped on MS Office CDs. Apparently it was written by an internal programmer as a "proof of concept" and somehow made it onto the final shipping CDs.

"How do we stop this happening!?!?!?" cried the world. "Ah", replied Microsoft, "see that 'disable automatic macro execution' option? Select that."

The paranoid, and those hit by the Concept virus (as it became known) disabled macros. Everyone else carried on as normal and quickly forgot about Word Macro viruses as they rushed to upgrade their hardware for the Next Great Thing from Microsoft.

Then, a little over a year ago, mail networks around the world crashed as a sweet little thing known as Melissa dropped in to visit a few friends. Mail servers were reset, networks scanned using the latest patches from the anti-virus vendors, and Microsoft once again advised people to disable features in the software supplied by them.

Time passed, and the Love Bug turned up. Essentially the same in concept as its close cousin Melissa, but packaged in a slightly more sophisticated way...

And the solution "Don't read your mail", "Disable this feature and that feature", "Get a virus scanner". Yadda yadda yadda.

And my point? Three sets of people are responsible for this:

1) The vandals who want to disrupt the lives of everyday ordinary people, just because they can.

2) Microsoft, for selling the world's most prolific/popular (delete according to taste) operating system with little or no security for the majority of its users.

3) Us, the users, for using it.

Where have I been while all this has been going on? Sat high on Mt. Linux, looking down with sorrow as folks run around trying to sort these issues out.

Sorry for the rant :) Please feel free to Red Flag for being kind of almost totally off topic :)
 
hehe, you know I'd use linux if i wasn't already dependent on windows but so far none of these concept viruses has ever hit me. (yet) I used to use linux, which I had dualbooted, planning on doing that again soon as I can figure out my hardware problems (check bizarre display problems in the PC Hardware forum)

Karl
kb244@kb244.8m.com
 