
Re: [RT] RE: Love Letter Virus




George,

  Good job...you beat me to it.

John


At 04:38 PM 12/3/2000 -0600, you wrote:
RT Members,
 
There has recently been a virus inadvertently sent by Ashok Garg, an RT
member called the Love Letter Virus. Message number 1354 has been deleted
in which this virus appeared. Those of you who get digest mode will not
be affected by this problem. Those who receive individual emails will
only be affected if they opened the attachment.
 
Mr. Garg's ability to post has been temporarily suspended until he has
cleaned his machine appropriately.
 
Also, while we are talking about viruses, there also appears to be a
resurgence of the NAVIDAD virus around this time of year as well. DO
NOT OPEN ANY MESSAGES WITH AN ATTACHMENT OF NAVIDAD.EXE.
 
It is suggested not to open any attachments other than JPG or GIF-type
picture files unless you have virus protection in place.
 
For more information on the Love Letter Virus, please read the following
text below.

Love Letter Virus

Not just Outlook

Because the virus is being propagated via E-mail using Microsoft
Outlook as the mailer program, some people have the misconception that if
they are not using Microsoft Outlook they will not catch the virus. The
truth of the matter is that you can still catch the virus even if you are
not using Microsoft Outlook if your system has the Windows Scripting Host
(WSH) installed. You will not, however, be able to pass the virus around
by e-mail if you do not use Outlook. By default, WSH is installed on
Windows 98 and Windows 2000. It is not installed on Windows 95 and
Windows NT 4 systems unless Internet Explorer version 5 has been
installed.

Some news sources reported that the LoveLetter virus can be activated by
simply reading the e-mail and without opening the virus attachment. But
while there are other VBS viruses that can be activated by simply opening
the e-mail (such as the BubbleBoy and the KakWorm), most virus experts
that have seen the LoveLetter source code say that the LoveLetter
virus can only be activated if the e-mail attachments are
opened.


To protect your system from the LoveLetter Virus

The CERT Advisory offers the following solutions to prevent the
LoveLetter virus from infecting your system
(http://www.cert.org/advisories/CA-2000-04.html):

1. Update Your Anti-Virus Product

It is important for users to update their anti-virus software.
Some anti-virus software vendors have released updated information,
tools, or virus databases to help prevent and combat this worm. A list of
vendor-specific anti-virus information can be found in Appendix A (listed
below).

2. Disable Windows Scripting Host

Because the worm is written in VBS, it requires the Windows
Scripting Host (WSH) to run. Disabling WSH prevents the worm from
executing. For information about disabling WSH, see:
http://www.sophos.com/support/faqs/wsh.html

This change may disable functionality the user desires. Exercise caution
when implementing this solution.

3. Disable Active Scripting in Internet Explorer

Information about disabling active scripting in Internet Explorer
can be found at:
http://www.cert.org/tech_tips/malicious_code_FAQ.html#steps

This change may disable functionality the user desires. Exercise caution
when implementing this solution.

4. Disable Auto-DCC Reception in IRC Clients

Users of Internet Relay Chat (IRC) programs should disable
automatic reception of files offered to them via DCC.

5. Filter the Worm in E-Mail

Sites can use email filtering techniques to delete messages
containing subject lines known to contain the worm. The article listed
at:

http://www.cert.org/advisories/CA-2000-04.html

offers some examples of how this can be implemented for sites running
UNIX.

6. Exercise Caution When Opening Attachments

Exercise caution with attachments in email. Users should disable
auto-opening or previewing of email attachments in their mail programs.
Users should never open attachments from an untrusted origin, or that
appear suspicious in any way.


Appendix A. 
Anti-Virus Vendor Information

Aladdin Knowledge Systems 
http://www.aks.com/home/csrt/valerts.asp

Command Software Systems, Inc.
http://www.command.co.uk/html/virus/love.html
http://www.commandcom.com/virus/love.html

Computer Associates 
http://www.ca.com/virusinfo/virusalert.htm

F-Secure 
http://www.f-secure.com/download-purchase/updates.html

Finjan Software, Ltd.
http://www.finjan.com/attack_release_detail.cfm?attack_release_id=34

McAfee / Network Associates 
http://vil.nai.com/villib/dispVirus.asp?virus_k=98617
http://www.cert.org/advisories/CA-2000-04/nai.dat

Proland Software 
http://www.pspl.com/virus_info/worms/loveletter.htm

Sophos 
http://www.sophos.com/virusinfo/analyses/vbsloveleta.html
http://www.sophos.com/virusinfo/analyses/trojloveleta.html

Symantec 
http://www.symantec.com/avcenter/venc/data/vbs.loveletter.a.html

Trend Micro 
http://www.antivirus.com/vinfo


E-Mail Attachment Security Updates

Microsoft is strongly suggesting that the E-Mail Attachment Security Updates of the following Microsoft products be installed:

1. Outlook 97 
http://officeupdate.microsoft.com/downloadDetails/O97attch.htm

2. Outlook 98 
http://officeupdate.microsoft.com/downloadDetails/O98attch.htm

3. Outlook 2000
http://officeupdate.microsoft.com/2000/downloadDetails/O2Kattch.htm

According to Microsoft, the above updates will make it more difficult to inadvertently launch attachments. The updates provide a more explicit warning dialogue, and prevent attached executables from being launched directly from e-mails; instead, they must be saved to disk and launched as a separate step. The update also is included as part of Office 2000 SR1.


If you are already infected:

If your system is already infected by the LoveLetter virus, you will have plenty of help from the web in cleaning this virus. Be aware however that some of the LoveLetter cleaners being made available for free could have been developed for a system that is different than yours and might cause problems if implemented. A good place to find the right cleaner for your system is to ask at the alt.comp.virus newsgroup. This newsgroup can be accessed at DEJA.COM (http://www.deja.com/).

The following links (not tested and verified by the author) provide free cleanup utility programs to remove the virus from your system:

http://www.PlanetNetworks.com

http://www.rassoft.com/needafix/faq.html

http://www.isds.dk/fixlovebug.htm

http://www.wapydo.com/loveletter.htm

http://www.js-inc.com/

http://johncpratt.homepage.com/iloveyoucleaner.htm

http://www.symantec.com/avcenter/venc/data/fix.vbs.loveletter.html

For users of the Microsoft Exchange Server, Microsoft Product Support Services is offering a new utility called ISSCAN to remove the Love Letter virus and repair both the private and public information store. Refer to: http://support.microsoft.com/support/exchange/love_letter.htm.


To unsubscribe from this group, send an email to:
realtraders-unsubscribe@xxxxxxxxxxx
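
The attachment advice in the message above (pictures only, no NAVIDAD.EXE, nothing that Windows Scripting Host would run) can be enforced at the mail gateway instead of relying on each reader. The following is an added example, not part of the original post or the CERT advisory; the function names, verdict labels and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Policy values come from the message above; names are illustrative assumptions.
ALLOWED_EXTS = {".jpg", ".gif"}      # "JPG or GIF-type picture files"
BLOCKED_NAMES = {"navidad.exe"}      # attachment named in the warning
# File types that Windows Scripting Host executes when opened.
WSH_SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}

def classify_attachment(filename):
    """Return 'allow', 'block-name', 'block-script' or 'quarantine'."""
    # Windows ignores trailing dots and spaces, so strip them before matching.
    name = filename.strip().lower().rstrip(". ")
    # Only the LAST extension decides how Windows opens the file, so
    # "holiday.jpg.vbs" is a script, not a picture.
    ext = PurePosixPath(name).suffix
    if name in BLOCKED_NAMES:
        return "block-name"
    if ext in WSH_SCRIPT_EXTS:
        return "block-script"
    if ext in ALLOWED_EXTS:
        return "allow"
    return "quarantine"              # hold for anti-virus scanning

def scan_message(raw_bytes):
    """Map each attachment filename in a raw RFC 822 message to a verdict."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        fn = part.get_filename() or "(unnamed)"
        verdicts[fn] = classify_attachment(fn)
    return verdicts

def build_sample():
    """Constructed test message with harmless one-byte attachments."""
    m = EmailMessage()
    m["Subject"] = "constructed test message"
    m.set_content("see attached")
    for fn in ("chart.gif", "holiday.jpg.vbs", "NAVIDAD.EXE", "report.doc"):
        m.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename=fn)
    return m.as_bytes()

if __name__ == "__main__":
    for fn, verdict in scan_message(build_sample()).items():
        print(f"{verdict:13} {fn}")
```

A filter keyed on the final extension catches the double-extension case that a subject-line filter misses when the worm's subject changes.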








