The "Love Bug"


You all surely know about the "Love Bug" worm by now, passing by email.

It's getting nasty, folks. Not that it wasn't already. As soon as CMP Media (BYTE magazine) posts the article they had me write for them on Friday, I'll give you all the URL. It has info to help you be proactive about viruses and worms, rather than waiting to be reactive after you're infected.

In the meantime, this in from Symantec (Norton Antivirus) this morning (9am ET, 5/7/00):

The Symantec AntiVirus Research Center currently detects the following variants of VBS.LoveLetter.A:

VBS.LoveLetter.A (LoveLetter)
VBS.LoveLetter.B (Lithuanian)
VBS.LoveLetter.C (VeryFunny)
VBS.LoveLetter.D (BugFix)
VBS.LoveLetter.E (MothersDay)
VBS.LoveLetter.F (VirusWarning)
VBS.LoveLetter.G (Virus ALERT!!!)
VBS.LoveLetter.H (No Comments)
VBS.LoveLetter.I (Important! Read carefully!!)

Symantec customers who have updated their AntiVirus definitions since 1:30 p.m. PDT (9:30 p.m. GMT) May 5 are currently protected against all the variants listed above.

The newest variant named VBS.LoveLetter.G (Virus ALERT!!!) that includes the subject line "Virus ALERT!!!" poses as a message from Symantec technical support. In addition to damage caused by the LoveLetter, VBS.LoveLetter.G (Virus ALERT!!!) deletes .bat and .com files. This message is NOT being distributed by Symantec and should be deleted immediately.

Be careful out there, folks. I suspect this worm will start moving through HTML-viewable email soon. That means email that shows full-bodied HTML in the mail window. You know, mail that is all formatted and looks pretty.

I STRONGLY SUGGEST you not use Outlook, Outlook Express, Netscape Mail, MS Internet Explorer Mail (in the browser), or the Microsoft Mail client that resides on all Windows computers (the one available by choosing "Internet Mail" from the Start Menu).

Eudora (http://www.eudora.com) has the ability to turn OFF full-bodied HTML and not run scripts that are embedded in HTML mail messages. This is turned off by default in Eudora. This means if the worm or virus is using Virtual Basic Script (.VBS -- the script the "Love Bug" worm uses to do its damage, in fact), if someone embedded a VBS script in an HTML mail message -- if you were using Eudora, it would not execute and infect you.

If you have any questions about this, please feel free to email me. Take all of this seriously, folks.

If you have been infected, you must not reboot your machine before you clean it out of the system. This worm infects not only your registry and all the files it overwrites throughout your drive, but also writes code into your system files so it will reinfect every time you boot up.

If you have been infected and have not rebooted yet, go to Symantec, NAI (Network Associates & McAfee), or Dr. Solomon's immediately. Their URLs are www.symantec.com, www.nai.com, or www.drsolomons.com.

Be careful out there!

-- editrix (editrix@windhaven.com), May 07, 2000
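
An added example, not part of the original post: a small mail check for the two delivery paths the post warns about, a .vbs attachment and a script embedded in an HTML message body. The sample message is constructed, and every flagged extension other than .vbs is an assumption.

```python
import re
from email import message_from_string

# .vbs is the extension the post names; the other entries are assumptions.
RISKY_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")
SCRIPT_TAG = re.compile(r"<script\b[^>]*>", re.I)

def scan_message(raw):
    """Return a list of findings for one RFC 822 message given as text."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        # Trailing dots/spaces are stripped so "x.vbs." is still caught.
        if name and name.lower().rstrip(". ").endswith(RISKY_EXT):
            findings.append(f"script attachment: {name}")
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            html = body.decode(part.get_content_charset() or "latin-1", "replace")
            for tag in SCRIPT_TAG.findall(html):
                findings.append(f"embedded script in HTML body: {tag}")
    return findings

# Constructed sample message (harmless placeholders, not a real specimen).
SAMPLE = """\
From: sender@example.com
To: rcpt@example.com
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><p>hello</p><script language="VBScript">MsgBox "placeholder"</script></body></html>
--b1
Content-Type: application/octet-stream; name="example-note.txt.vbs"
Content-Disposition: attachment; filename="example-note.txt.vbs"

' placeholder, no real code
--b1--
"""

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```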

Answers

Thanks for the info, and it's good to see you're up and about again after such a long time. Hope all goes well for you.

jaizee

-- jaizee (jaizee@excite.com), May 11, 2000.

