Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Loveletter Worm
From: Russ (Russ.CooperRC.ON.CA)
Date: Thu May 04 2000 - 12:10:48 CDT
- Next message: Mazeland, Siebrand: "'ILOVEYOU' script worm"
- Previous message: Paul Leach: "Re: More NetBIOS over TCP/IP in Win2K: TCP/IP NetBIOS Helper, not jus t for NetBIOS?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Seems quite a few people have been hit with a new worm called Loveletter.
I received a number of copies from infected folks, as well as several other
warnings. I opened an infected message using Outlook 2000 with my customized
zone settings (basically, everything set to prompt) and was not prompted at
all (or warned in any way.) This, of course, on a system with no AV
This means, to me at least, that infection comes as a result of actually
clicking on the attached VBS (Visual Basic Script).
Of course its possible that other email clients might automatically invoke
the script, particularly I assume HTML-based packages.
I offer, once again, my two works on dealing with email and security;
Neither are intended to be a complete solution. You should contact your
support group and find out what, if anything, you need to do to ensure your
anti-virus programs are up-to-date. I know that Symantec, Datafellows, and
even NAI have updated definitions available for this latest wave.
Regardless of how much you might think someone is going to send you a love
letter, you should treat any anonymous email as you would a knock at your
door at 3:00am in the morning...
I was particularly disturbed at receiving infected messages from RSA
Security, Inc. and Xerox Corporation...oh how even the mighty can fall.
Russ - NTBugtraq Editor
"dot-age" (as in "we're in the dot-age") = senility (source Webster's)