Love Letter virus mutates

Variations of the Love Letter virus — known as "Mother's Day" and "Joke" — continue to worm their way into computer systems worldwide today.

Mutations of the file name, its text and attachment are meant to hide the virus from the scrutiny of antivirus programs.

The original virus, known by the names "ILOVEYOU" or "love letter," hit more than a dozen government agencies, Congress and the White House on Thursday. It infected thousands of unclassified government computers and has forced some organizations to temporarily shut down their systems. (For an agency-by-agency look at the virus' impact, click here.)

The virus is similar to the notorious Melissa virus that plagued networks last year. It arrives as an e-mail attachment and uses the recipient's e-mail address book to send itself to potentially thousands of other systems. (For more on how the Love virus works, click here.)

In addition, the Mother's Day version is believed to delete .ini and .bat files. Deletion can affect the performance of applications on the infected system and can even prevent the system from functioning upon reboot.

The subject line is "Mothers Day Order Confirmation," located in the header of the e-mail. The attachment appears as "mothersday.vbs." The body text reads in part: "We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this e-mail."

Late Thursday, the Joke variant began to circulate. Its subject line was "joke" or "Fwd: joke," and the attachment was changed to "Very Funny.vbs."

As of 8:15 a.m. today, the Computer Emergency Response Team Coordination Center had received "several hundred reports [about the Love virus] from industry, government, academic institutions and home users, affecting more than 300,000 computers attached to the Internet," said Jeff Carpenter, senior Internet security technologist at the CERT Coordination Center.

"Since only a small fraction of affected users have reported to us directly, the total number of organizations and computers affected is much higher." (For CERT's advisory on the love letter worm, click here.)

About the Author

Connect with the FCW staff on Twitter @FCWnow.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.