Not even Mom is safe...
Friday May 5, 9:18 am Eastern Time
Company Press Release
F-Secure Warns of "MOTHER'S DAY" E-mail Worm
Cunning Variant Becomes the Fifth Offshoot Of Destructive LOVELETTER Virus
SAN JOSE, Calif.--(BUSINESS WIRE)--May 5, 2000--F-Secure Corporation (formerly Data Fellows) (HEX:FSC), a leading provider of security for mobile, distributed enterprises, is warning e-mail users of another new variant of the VBS/LoveLetter e-mail worm. This new variant sends e-mails which appear to be a confirmation of an electronic gift order. F-Secure Anti-Virus detects and disinfects the worm with the latest update available from www.F-Secure.com
By midday (central European time) on Friday, five different versions of the VBS/LoveLetter worm had been found in the wild. Several more are excepted to appear over the coming weekend.
``The Mother's Day version of this worm is quite cunning,'' comments Mikko Hypponen, Manager of Anti-Virus Research at F-Secure Corporation. ``The e-mail appears to be a confirmation of an order for 'Mother's Day diamond special,' and the attached file mothersday.vbs is portrayed as if it were an invoice. When users get such e-mails they assume there is some mistake and will naturally open the attachment - infecting their computer. With only eight days to go until Mother's Day, this attack is quite credible.''
The worm arrives in an e-mail message attachment called mothersday.vbs. On a default Windows system, the ``.vbs'' extension is not visible. If the recipient opens the attachment, the worm will use Microsoft Outlook (if installed) to send a message to everyone in any address books (including global access books of the organization; these typically contains hundreds or thousands of addresses). The message looks like this:
-0-
From: (Name-of-the-infected-user)
To: (Random-name-from-the-address-book)
Subject: Mothers Day Order Confirmation
We have proceeded to charge your credit card for the amount of
$326.92 for the mothers day diamond special. We have attached a
detailed invoice to this email. Please print out the attachment
and keep it in a safe place. Thanks Again and Have a Happy Mothers
Day! mothersday@subdimension.com
Attachment: mothersday.vbs
As address books typically contain group addresses, the result of executing the VBS/LoveLetter worm inside an organization is that the first infected user sends the message to everybody in the organization. After this, other users open the message and send the message again to everyone else. This quickly overloads e-mail servers.
In addition, this worm deletes all INI and BAT files from all drives and directories. This may leave the system in an unbootable state and might do serious damage to network files.
This variant is detected as VBS/LoveLetter.E by F-Secure Anti-Virus. Like the original version of the worm, VBS/LoveLetter.E is written in the VBScript language.
The other known variants of the worm are known as VBS/LoveLetter.A, B, C and D.
The A variant was the original LoveLetter worm.
The B variant has been modified in Lithuania, and the subject field of the sent e-mail messages is ``Susitikim shi vakara kavos puodukui...'', which in Lithuanian means ``Let's meet this evening for a cup of coffee...''
The C variant has the subject field of ``fwd: Joke'' and the attachment is called ``Very Funny.vbs''
The D variant is almost identical to the original LoveLetter worm. It has been modified slightly, probably to make it undetectable to some anti-virus programs.
A technical description of the worm is available in the F-Secure virus description database at: f-secure.com
Sample pictures of e-mail messages generated by VBS/LoveLetter are available in the F-Secure virus screenshots center at: f-secure.com
About F-Secure Corporation
F-Secure Corporation is a leading developer of centrally managed security solutions for the mobile, distributed enterprise. The company offers a full range of award-winning integrated anti-virus, file encryption, distributed firewall and VPN solutions. F-Secure products and the underlying policy management framework enable corporate IT departments as well as service providers to deliver Security as a Service(tm). For the end-user, Security as a Service is invisible, automatic, reliable, always-on, and up-to-date. For the administrator, Security as a Service means policy-based management, instant alerts, and centralized management of a widely-distributed user base.
Founded in 1988, F-Secure is listed on the Helsinki Stock Exchange (HEX:FSC). The company is headquartered in Espoo, Finland with North American headquarters in San Jose, California, as well as offices in Canada, China (Hong Kong and Beijing), France, Germany, Japan, Sweden and the United Kingdom. F-Secure is supported by a network of VARs and Distributors in over 90 countries around the globe.
Note to Editors: Further technical information and a screenshot of the virus is available at: f-secure.com
--------------------------------------------------------------------------------
Contact:
F-Secure Inc. |
