Love Letter virus mutates

Variations of the Love Letter virus — known as "Mother's Day" and "Joke" — continue to worm their way into computer systems worldwide today.

Mutations of the file name, its text and attachment are meant to hide the virus from the scrutiny of antivirus programs.

The original virus, known by the names "ILOVEYOU" or "love letter," hit more than a dozen government agencies, Congress and the White House on Thursday. It infected thousands of unclassified government computers and has forced some organizations to temporarily shut down their systems. (For an agency-by-agency look at the virus' impact, click here.)

The virus is similar to the notorious Melissa virus that plagued networks last year. It arrives as an e-mail attachment and uses the recipient's e-mail address book to send itself to potentially thousands of other systems. (For more on how the Love virus works, click here.)

In addition, the Mother's Day version is believed to delete .ini and .bat files. Deletion can affect the performance of applications on the infected system and can even prevent the system from functioning upon reboot.

The subject line is "Mothers Day Order Confirmation," located in the header of the e-mail. The attachment appears as "mothersday.vbs." The body text reads in part: "We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this e-mail."

Late Thursday, the Joke variant began to circulate. Its subject line was "joke" or "Fwd: joke," and the attachment was changed to "Very Funny.vbs."

As of 8:15 a.m. today, the Computer Emergency Response Team Coordination Center had received "several hundred reports [about the Love virus] from industry, government, academic institutions and home users, affecting more than 300,000 computers attached to the Internet," said Jeff Carpenter, senior Internet security technologist at the CERT Coordination Center.

"Since only a small fraction of affected users have reported to us directly, the total number of organizations and computers affected is much higher." (For CERT's advisory on the love letter worm, click here.)

About the Author

Connect with the FCW staff on Twitter @FCWnow.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.