×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jennifer Lopez naked virus?

Jennifer Lopez naked virus?

Jennifer Lopez naked virus?

(OP)
I have two mails this morning (one from ZDNet another from NW Security) both warning about the above virus. I have no other information (checked NAI.Com and CERT both in virus and hoax areas) apart from these two sources, one claiming it's a version of the lovebug virus, the other claiming it's a varient of the chernobyl virus.

Anyone got anything else on this. I don't want to release a general alert to my company f this turns out to be a hoax. We had enough trouble with the French office reacting to the SULFNBK.EXE hoax. It seemed they were more inclined to believe their Lawyers than their IT department. (Oh well, their loss, swupport becomes suddenly a lot harder for the french office).

RE: Jennifer Lopez naked virus?

Nothing on McAfee's site as of this moment...

Terry M. Hoey
th3856@txmail.sbc.com
While I don't mind e-mail messages, please post all questions in these forums for the benefit of all members.

RE: Jennifer Lopez naked virus?

It is a variant of the Love-Letter virus. The following is a copy of the alert I got from Sophos:

At the time of writing Sophos has not seen any infections but
has issued this alert due to media interest.

Description:

VBS/Lovelet-CM is an email-aware worm. The worm copies itself to
a file called JENNIFERLOPEZ_NAKED.JPG.vbs in the Windows
directory. It then forwards itself via email to every contact in
the Microsoft Outlook address book with the following
characteristics:

    Subject: Where are you?

    Body text: This is my pic in the beach!

    Attached file: JENNIFERLOPEZ_NAKED.JPG.vbs

When the attached file is opened the worm searches all fixed and
network drives for files with extensions .VBS, .VBE, .JS, .JSE,
.CSS, .WSH, .SCT, .HTA, JPG, .JPEG, .MP2 and .MP3. All found
files are overwritten by the worm.

Original extensions .JS, .JSE, .CSS, .WSH, .SCT and HTA are
changed to .VBS. Original extensions .JPG and .JPEG are
converted to double extension .JPG.VBS and .JPEG.VBS
respectively. Attributes of the original files with .MP2 and
.MP3 extension are changed so that the original file is hidden
and a new file with the identical name and VBS extension is
created by the worm.

The worm also creates the Registry keys
HKCU\software\JENNIFERLOPEZ_NAKED\ so that it contains the text
"Worm made in algeria" and
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion \Run, so that it
contains the name of the worm file. The worm then sends itself
to all contacts found in the Microsoft Outlook address book.

Finally it drops and runs a file infected with a variant of the
highly destructive W95/CIH virus (also known as Chernobyl). The
dropped file is detected by SAV as W95/CIH-10xx.

Read the analysis at
http://www.sophos.com/virusinfo/analyses/vbsloveletcm.html


James P. Cottingham

I am the Unknown lead by the Unknowing.
I have done so much with so little
for so long that I am now qualified
to do anything with nothing.

RE: Jennifer Lopez naked virus?

(OP)
Thanks for that. Enough for me to release a general warning to the company on this one. Thank you again.

RE: Jennifer Lopez naked virus?

what is the accepted frequency of virus scan

RE: Jennifer Lopez naked virus?

Your best bet is the "double barrel" approach. I use a memory resident scanner that checks every file that opens for viruses. Then (at least) once a day I run another scanner that checks memory, boot sectors, and files for viruses. I do this on all servers and workstations. Works for us.


James P. Cottingham

I am the Unknown lead by the Unknowing.
I have done so much with so little
for so long that I am now qualified
to do anything with nothing.

RE: Jennifer Lopez naked virus?

(OP)
We've just signed up to a third party virus protection from Star. We re-direct our dns to and from the company through their server and all incoming and outgoing mail is filtered through four comercial virus checking packages and their own heuristic scan. Any problem mail is held on their server and notified both to the sender/reciever and our department. We are trying it out on the UK site at the moment and will roll it out to our other subsidiaries if it proves useful.

RE: Jennifer Lopez naked virus?

meekon5,

    Let us know how well it works.

James P. Cottingham

I am the Unknown lead by the Unknowing.
I have done so much with so little
for so long that I am now qualified
to do anything with nothing.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close