Hi All! A few moments ago, I received an e mail from the CSMFO List group that had the Love Letter Virus attached. Here is information from our IT Department regarding this virus. Regards, Cheryl Bunnell Finance Manager City of Sunnyvale 408-730-7676 Love Letter Virus Alert Note: Although most rumors about internet viruses are hoaxes, apparently the so called "Love Letter" virus is not. Please read the following and do NOT open any attachment with an email that has the following in the subject field: "ILOVEYOU" and has an attachment called "LOVE-LETTER-FOR-YOU.TXT.vbs." DO NOT OPEN THE ATTACHMENT! The virus is apparently spread via email client software from Microsoft. What We Now Know WHAT: Researchers at the Symantec AntiVirus Research Center have discovered VBS.LoveLetter.A, an extremely fast-spreading computer worm that uses mIRC and Microsoft Outlook to e-mail itself as an attachment. CHARACTERISTICS OF INFECTION: VBS.LoveLetter.A is an Internet worm that uses Microsoft Outlook to spread itself as an attachment with the subject line "ILOVEYOU" along with an attachment called "LOVE-LETTER-FOR-YOU.TXT.vbs." PAYLOAD: Preliminary finding indicate that the worm sends itself to all addresses in the computer user's Outlook address book causing mail servers to clog. The worm will infect files with the following extensions: vbs, vbe, je, jse, css, wsh, sct, hta, jpg, jpeg, mp3, and mp2. Additionally, it will delete the following files: -- MSKernel32.vbs in the Windows system directory -- Win32DLL.vbs in the Windows directory -- LOVE-LETTER-FOR-YOU.TXT.vbs in the Windows System directory -- WinFAT32.EXE in the Internet download directory -- WIN-BUGSFIX.EXE in the Internet download directory -- Script.ini in the mIRC directory RECOMMENDATIONS/PROTECTION: SARC recommends administrators filter for the attachment name and subject line immediately. Note: Complete information is not currently available and it may be difficult to reach anti-virus web sites but the following sites will have the latest information (these sites may not be reachable due to the number of people trying to access them): CERT Advisories Symantec Advisories
