Deadly new virus targets Outlook users

The online world was rocked to its knees Thursday by a pernicious little virus that affects Windows users running Microsoft Outlook. And if the recent antitrust trial didn't provide any indication, that's a lot of you: Huge corporations such as Ford Motor Company, Merrill Lynch, and even the CIA experienced massive email outages yesterday because of the "VBS.LoveLetter.A," as its now known. We'll call it the Love Bug for simplicity's sake. I don't generally report on viruses in WinInfo, leaving such things to the more capable hands of Mark Joseph Edwards and his Security UPDATE newsletter, but this virus is such a huge problem that it's imperative that you know about it, and know what to do about it. According to the experts, it's already affected half of all email users in the United States.

Here's the deal: The Love Bug is a fairly complicated VBScript script that infiltrates a user's Outlook address book when the code is opened. Typically sent as an email attachment so that it might more easily detect Outlook users, the Love Bug performs a number of disruptive actions on a system once it's run: It renames files with MP3, JPG, CSS, and other extensions, and resets the Internet Explorer start page. But its ability to latch onto the Outlook address book is the most chilling aspect of this virus, which takes on worm-like attributes by automatically sending itself to every person in that address book.

An email with the Love Bug attachment always takes the same form and, like many of you, I received dozens of these messages Thursday. The subject line reads "ILOVEYOU" (no quotes) and the body contains the text "kindly check the attached LOVELETTER coming from me." (again, no quotes). Attached is a VBScript script file (LOVE-LETTER-FOR-YOU.TXT.VBS) that does the damage, but it can only affect you if you execute the script (by double-clicking it). Simply receiving the attachment will not harm your system. So if you receive an email like this, simply delete it. Of course, Outlook users can create a rule to delete these messages, but it's a good idea to warn the person who sent it to you (unknowingly) that their system is infected.

So what do you do if you're infected? Hopefully, you're running an anti-virus program such as Norton AntiVirus or McAfee VirusScan; both have provided updates for this virus. However, if you're not running such a program, I recommend heading over to Computer Associates' Web site and following their instructions to manually delete the virus, or use their automated virus removal program. And to prevent this sort of thing in the future, please consider an anti-virus package and remember that you shouldn't simply open every attachment that you receive. Consider the source (which wouldn't have helped in this case of course).

Finally, Mark Edwards offers up some advice for those of you using Microsoft Outlook. "To help prevent infection from script- or HTML-based viruses in the future, be sure to adjust the properties of your Outlook client so that all email is processed under the properties of the Restricted Sites zone," Edwards says. "Also, be sure to adjust the Attachment Security to the High setting and disable all forms of Active Scripting in the normal Internet Zone as well.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.