DFA LOGO

David Fenton Associates

Viruses and Virus Hoaxes

--------------------------------------------

Training
Software
Support
Opinion
Help Pages
Partners
About DFA

Special Topic: ILOVEYOU Virus/Worm

Trend Micro is offering a free online service to scan your PC for this virus and remove it.

Woody's Office Watch has done a special issue on the virus/worm, probably the best single source for information that I've come across.

The major anti-virus sites are still sometimes overwhelmed by all the traffic generated by people's interest in this worm, so it may require some persistence to get through to their pages. The URL for McAfee is http://vil.mcafee.com/dispVirus.asp?virus_k=98617, and the one for Trend Micro is http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER. Symantec's page is at http://www.symantec.com/avcenter/venc/data/vbs.loveletter.a.html, but it's not as informative as the above two pages. Two other pages worth looking at are F-Secure's at http://www.f-secure.com/v-descs/love.htm and CERT's advisory at http://www.cert.org/advisories/CA-2000-04.html.

Variants continue to pop up, with as many as 8 or more having been reported. I would advise everyone to check back with their anti-virus software vendor more than once over the next week or two to update virus definitions to reflect all the variants that have been detected.

I've posted the message that I've sent out to clients to explain how to protect themselves against this virus/worm. Since I haven't seen the thing myself (but I've had reports of it from clients), I am depending on the accuracy of news reports and discussions on ZDNet, as well as the information on the anti-virus websites. I will continue to update the information here as significant developments arise.

Here is the bottom line:

  1. For now, the virus/worm is most often carried in an e-mail message with the subject heading "ILOVEYOU." Delete any such message unread, and you should be protected.
  2. You may be accidentally infected if you use the preview or automatic attachment execution features of your e-mail program. TURN OFF THOSE FEATURES RIGHT NOW! -- you never should have had them turned on in the first place.
  3. Users of Windows98, Windows2000, Outlook98, Outlook2000, Outlook Express and the most recent versions of Netscape's and Eudora's e-mail programs are most susceptible to infection because these programs ship with the dangerous auto-preview/auto-execute features turned on. Users of Internet Explorer 5.x are also be susceptible to infection, and users of AOL's e-mail program may be at risk but I cannot confirm this for certain since I don't know all the ins and outs of configuring the bloody awful AOL e-mail reader.

See this page for the detailed explanation and instructions on how to take actions to protect yourself.

Macs Not Vulnerable to ILOVEYOU, But AppleScript Could Be Used for Similar Purposes

A fascinating discussion of the Mac's vulnerability to this kind of attack via AppleScript is found at http://www.macintouch.com/loveletterworm.html. This is a very, very interesting discussion and points out that security weaknesses of this nature are not limited to Microsoft products.

and now back to our regularly scheduled rant. . .

It is not unusual in any month to hear in the news reports or read in the paper that yet another virus is on the loose, damaging people's computers and causing them to lose data. The fact of the matter is, the vast majority of computer users have lost more time worrying about viruses than they have lost time or data due to actual virus attacks.

I shall finish this rant at another time, but for now, you might find my page of links regarding virus hoaxes to be of some interest.

--------------------------------------------
Home | Training | Software | Support | OPINION | Help
Partners | About DFA
--------------------------------------------

©1999-2000, David Fenton Associates. Created October 1, 1999. Last updated July 5, 2000.