Love Letter virus mutates

Variations of the Love Letter virus — known as "Mother's Day" and "Joke" — continue to worm their way into computer systems worldwide today.

Mutations of the file name, its text and attachment are meant to hide the virus from the scrutiny of antivirus programs.

The original virus, known by the names "ILOVEYOU" or "love letter," hit more than a dozen government agencies, Congress and the White House on Thursday. It infected thousands of unclassified government computers and has forced some organizations to temporarily shut down their systems. (For an agency-by-agency look at the virus' impact, click here.)

The virus is similar to the notorious Melissa virus that plagued networks last year. It arrives as an e-mail attachment and uses the recipient's e-mail address book to send itself to potentially thousands of other systems. (For more on how the Love virus works, click here.)

In addition, the Mother's Day version is believed to delete .ini and .bat files. Deletion can affect the performance of applications on the infected system and can even prevent the system from functioning upon reboot.

The subject line is "Mothers Day Order Confirmation," located in the header of the e-mail. The attachment appears as "mothersday.vbs." The body text reads in part: "We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this e-mail."

Late Thursday, the Joke variant began to circulate. Its subject line was "joke" or "Fwd: joke," and the attachment was changed to "Very Funny.vbs."

As of 8:15 a.m. today, the Computer Emergency Response Team Coordination Center had received "several hundred reports [about the Love virus] from industry, government, academic institutions and home users, affecting more than 300,000 computers attached to the Internet," said Jeff Carpenter, senior Internet security technologist at the CERT Coordination Center.

"Since only a small fraction of affected users have reported to us directly, the total number of organizations and computers affected is much higher." (For CERT's advisory on the love letter worm, click here.)

About the Author

Connect with the FCW staff on Twitter @FCWnow.


  • Cybersecurity
    CISA chief Chris Krebs disusses the future of the agency at Auburn University Aug. 22 2019

    Shared services and the future of CISA

    Chris Krebs, the head of the Cybersecurity and Infrastructure Security Agency at DHS, said that many federal agencies will be outsourcing cyber to a shared service provider in the future.

  • Telecom
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA softens line on looming EIS due date

    Think of the September deadline for agencies to award contracts under the General Services Administration's $50-billion telecommunications contract as a "yellow light," said GSA's telecom services director.

  • Defense
    Shutterstock photo id 669226093 By Gorodenkoff

    IC looks to stand up a new enterprise IT program office

    The intelligence community wants to stand up a new program executive office to help develop new IT capabilities.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.