Thanks for the alert.
This virus came into my email this morning from
biopoint.com (216.233.68.82), but remained
unopened. Your message let me more promptly
empty the trash.
Spar, Steven wrote:
> More info on the virus:
>
> > What's Going On...
> >
> > A computer virus spread rapidly through the PTOnet this morning via e-mail
> > messages containing the subject line "ILOVEYOU". The virus, through a file
> > attachment, replicated itself and sent thousands of e-mail messages to
> > random addressees on PTO's global e-mail address list. The e-mail contains
> > a file entitled, "LOVE-LETTER-FOR-YOU.TXT.vbs".
> >
> > What to do...
> >
> > If you received the message, DO NOT OPEN THE ATTACHMENT! Delete the
> > message immediately. Do not forward it. (Note: opening the message but not
> > the attachment does not impact your workstation). If you received the
> > message and did not open the attachment, DO NOT call the Help Desk.
> >
> > If you opened the attachment, your workstation may be infected. The virus
> > infects files with the following extensions: vbs, vbe, js, jse, css, wsh,
> > sct, hta, jpg, jpeg, mp3, and mp2. The virus will insert the following
> > files on your workstation:
> >
> > * MSKernel32.vbs in the Windows System directory
> > * Win32DLL.vbs in the Windows directory
> > * LOVE-LETTER-FOR-YOU.TXT.vbs in the Windows System directory
> > * WinFAT32.EXE in the Internet download directory
> > * WIN-BUGSFIX.EXE in the Internet download directory
> > * script.ini in the mIRC directory
> >
> > Check your home computers...
> >
> > This virus has spread very rapidly. CNN on-line reported that the virus
> > had spread to over 20 countries by 6:00 AM this morning and is more
> > aggressive than the notorious "Melissa" virus of 1999. Unlike the
> > "Melissa" virus, which traveled in a similar fashion, this virus is more
> > destructive. First, it copies itself to two critical system directories
> > and then it adds triggers in the Windows registry to ensure that it's
> > running every time the computer reboots.
> >
> > The virus then starts affecting data files. Files associated with Web
> > development, including ".js" and ".css" files, are overwritten with a file
> > in the VisualBasic programming language. The original file is deleted. It
> > also goes after multimedia files, affecting JPEGs and MP3s. Again, it
> > deletes the original file and overwrites it with a VisualBasic file with a
> > similar name.
-- --------------------------------------------- ISTA's office hours are 9:00 am to 5:00 pm Eastern Time, TUESDAY through SATURDAY. The Paterra(tm) Internet Service is available 24x7 with occasional downtime on weekends. --------------------------------------------- Alan Engel, ISTA, Inc. http://www.intlscience.com ConvertedKokai(tm) machine translations of Japanese patents Paterra(tm) Instant MT(tm) for Japanese patents www.paterra.com
This archive was generated by hypermail 2b29 : Fri Aug 10 2001 - 15:58:22 EDT