How the 'love' virus works

The script worm arrives in an e-mail message with the subject "ILOVEYOU"

and carries an attached file titled LOVE-LETTER-FOR-YOU.TXT.vbs and the

text "kindly check the attached LOVELETTER coming from me."

Because it is based on Visual Basic script, the worm infects only computers

that have Visual Basic, which is included with Windows 2000.

If the attachment is opened, the worm inserts the following files: MSKernel32.vbs

and LOVE-LETTER-FOR-YOU.TXT.vbs in the Windows system directory; Win32DLL.vbs

in the Windows directory; WinFAT32.EXE and WIN-BUGSFIX.EXE in the Internet

download directory; and script.ini in the mIRC directory.

The file WIN-BUGSFIX.exe is a back door created in the Philippines that

collects the network passwords cached in Microsoft Corp.'s Windows operating

system and then sends them to an attacks Web site when the infected user

connects to the Internet.

When it first was detected, the worm also would go out to four different

Internet sites and pull software from those to download on infected computers,

allowing hackers to possibly break into those computers, said Narender Mangalam,

director of security at Computer Associates International Inc. The Internet

sites have been shut down.

Users are advised to immediately delete the message and the attached

file. Mangalam further advised that computer users immediately update antivirus

software.

— Dan Verton contributed to this report.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.