Love Letter virus mutates
Variations of the Love Letter virus known as "Mother's Day" and "Joke" continue to worm their way into computer systems worldwide today.
Mutations of the file name, its text and attachment are meant to hide the
virus from the scrutiny of antivirus programs.
The original virus, known by the names "ILOVEYOU" or "love letter," hit
more than a dozen government agencies, Congress and the White House on Thursday.
It infected thousands of unclassified government computers and has forced
some organizations to temporarily shut down their systems. (For an agency-by-agency
look at the virus' impact,
click here.)
The virus is similar to the notorious Melissa virus that plagued networks
last year. It arrives as an e-mail attachment and uses the recipient's e-mail
address book to send itself to potentially thousands of other systems. (For
more on how the Love virus works,
click here.)
In addition, the Mother's Day version is believed to delete .ini and .bat
files. Deletion can affect the performance of applications on the infected
system and can even prevent the system from functioning upon reboot.
The subject line is "Mothers Day Order Confirmation," located in the header
of the e-mail. The attachment appears as "mothersday.vbs." The body text
reads in part: "We have proceeded to charge your credit card for the amount
of $326.92 for the mothers day diamond special. We have attached a detailed
invoice to this e-mail."
Late Thursday, the Joke variant began to circulate. Its subject line was
"joke" or "Fwd: joke," and the attachment was changed to "Very Funny.vbs."
As of 8:15 a.m. today, the Computer Emergency Response Team Coordination
Center had received "several hundred reports [about the Love virus] from
industry, government, academic institutions and home users, affecting more
than 300,000 computers attached to the Internet," said Jeff Carpenter, senior
Internet security technologist at the CERT Coordination Center.
"Since only a small fraction of affected users have reported to us directly,
the total number of organizations and computers affected is much higher."
(For CERT's advisory on the love letter worm,
click here.)
About the Author
Connect with the FCW staff on Twitter @FCWnow.