The Hickory Woods Homeowners Association Web Tools -- New Lovgate virus...

This page has some web tools that might be useful for the new or more experienced user.

CONTENTS
• Hoaxes On The Net
• Search Engines
• CyberCrime
• Virus Information March 1, 2003

HOAXES ON THE NET -- One of my neighbors sent me an internet e-mail warning, so I immediately went to the internet warning hoax page at http://korova.com/virus/hoax_index.htm. It took a couple of minutes sorting through the many listings, but there it was. So if you find something you think is urgent and all of us should know about, FIRST, check at this site and see if it is there. If not, let me know and we will check further.

Check with all the major vendors of anti-virus software for their listings of viruses and hoaxes. DOE has a Computer Incident Advisory Capability site at http://www.ciac.org/ciac/CIACHoaxes.html. http://ciac.llnl.gov/ciac

Another site is the Urban Legends and Folklore site at http://www.urbanlegends.about.com Each of these sites has links to others with information about similar items.

CONTENTS

SEARCH ENGINES -- A search engine is a program that locates specific information in a database for you. They don't all work the same, so here is a little bit about how each one operates. You should try different ones and use the one that you like and that gives you the type of results you need.

*** Search engines accused of deception *** July 17, 2001

You should check Google and Northern Light first.

Google PC Magazine picks Google as the Editors' Choice in the December 5, 2000 issue. They say "...Google still focuses on searching. Fast with a refreshingly spare interface. Google consistently turns up high-quality, highly relevant results."

Northern Light They also selected Northern Light as an Editors' Choice. This search engine uses custom folders and a natural language search engine.

AltaVista is the largest search engine on the web. Scooter, the AltaVista spyder, searches about 6,000,000 web pages every day. It indexes all the words on the pages. When searching, it ranks sites for relevancy and places the best ones at the top of the list. About 15% of searchers use this site. Use this site when you have lots of words that are relevant.

Excite looks for themes and common words when its spyder searches web pages. It uses your search words to infer the actual meaning of your search. It can summarize all the pages from one site into a single listing. About 25% of searchers use this site. Use this when you have ideas that make a theme type query.

HotBot searches about 10,000,000 web pages each day. Web page owners can submit their pages to this site. About 5% of searches are with HotBot. Results show the page title, relevancy and description. Use this when the site may not be on other sites, but the owner may have submitted it to HotBot.

Infoseek results are catagorized. This can help get you to your subject faster. The site has other powerful features to narrow down the searches. About 19% of searchers use Infoseek. Use it when you can categorize your question.

Lycos is based on a spyder that makes its own key words and title for a site. Use this site when you have key words for searching. The site has powerful tools you can use to focus the search. About 15% of searchers use this site.

WebCrawler has a smaller database and will give you fewer results. Only 3 pages to look through, not 15, for example. The spyder does not search sites with frames. About 8% of users use this site. Humans help catagorize the sites. Use it when you need the top sites for a catagory.

Yahoo! is the most widely known search tool and is used by about 45% of searchers. Humans check the work of the spyder. Yahoo! users submit sites and the category they fall under and these are also checked by real people. If Yahoo! doesn't find it, it will use AltaVista's database for more results. You can always start here and go to the others if this does not work for you.

SearchBug.com Finding things on the internet is easy using searchbug. This site is easy to use and takes the work out of looking for some kinds of information not easily found using the other search engines. Compare shipping rates, look up phone numbers, etc.

Other search engines listed by PC Magazine in December and not listed above include:

• About good for general queries;
• AOL.com gives rather poor results. Go elsewhere;
• Ask Jeeves is a natural language engine;
• Direct Hit excells in home page targeting;
• FAST Search will have 1 billion pages by 2001 in its database;
• Go To has sites that pay to show up on your list;
• IWon gives away cash prizes, $10,000 every day and $1,000,000 every month. One might start here just to play the game;
• LookSmart has a team of live Webrarians and over 200,000 categories;
• MSN similar to Hot Bot with boolian and wild card searches;
• NBCi is good for commerce, finance and unusual phrases;
• Oingo This site helps clarify your search with drop-down boxes;
• Open Directory Project an extremely successful Web directory;
• Raging Search is bare bones Altavista without news feeds and shopping services.

My friend, John Murray has built a list of many search engines for his students to use. You can click here for John Murray's search engine list.

Finally, if you can't find it anywhere else, try this page with pointers to EVERYTHING! I could spend hours and hours at www.refdesk.com, Webmaster.

CONTENTS

CYBER CRIME -- This list is some links to sites that deal with the criminal side of the web. This includes such things as computer intrusion or hacking, password trafficing, software piracy, internet fraud like stealing your information over the internet and misusing it, such as credit card number theft or social security number theft and related items. If you find a site with interesting information about this, click here to let me know: Webmaster.

US DOJ site for CyberCrime -- Brett Glass - computer programmer, book author and technology writer - said the site does far too much harping about politics and far too little delving into practical matters.

Part of the mission of the site is to encourage people to report cybercrime, and it offers a phone number. But calling the FBI, Glass said, won't help average citizens. He's had to deal with the FBI on cybercrime issues, and both times the agency was, he said, "clueless."

"Certainly the average complaint isn't dealt with adequately," he said. "You are left on your own."

Kids Page - Rules of the Road Don't miss this site if you have kids learning to use the internet.

CONTENTS

VIRUS INFORMATION -- You should always have an anti-virus program running on your computer when you are linked to the internet. And, you have to keep it updated by downloading the latest virus data file for your program every once in a while, especially if you hear about a new virus.

March 1, 2003 -- Warning: W32/Lovgate@M virus from McAfee

I received two notices about this virus. They follow. You should update your antivirus software at once if you use Outlook or Outlook Express for e-mail.

Nasty New Worm Steals Passwords, Clogs Email

It's called Lovgate.C, and it wraps itself inside what looks like standard business correspondence. If you get a< suspicious looking email suggesting you open an attachment, run, don't walk, to the nearest delete button. For all the details on this nasty worm, including the email wording and how it tries to steal your passwords, head to our report. We'll be updating it with new information as the worm continues to spread.

Nasty Worm Steals Passwords:

Learn More about W32/Lovgate@M: ==> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=4977

Scan for W32/Lovgate@M: ==> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=4978

[ You are currently subscribed as: andrewsjp@aol.com ]

Please feel free to forward this dispatch to any interested
friends, family and associates.

McAfee is a business unit of Network Associates, Inc.
© 2003, Networks Associates Technology, Inc. All Rights Reserved.

Bugbear virus

'A Virtual Card for You' AND 'An Internet Flower For You' virus hits!

Sent: Tuesday, March 05, 2002 11:26 AM
Subject: FW: WORST VIRUS EVER...CNN ANNOUNCED

Sent: Thursday, February 28, 2002 11:10 AM Subject: FW: WORST VIRUS EVER...CNN ANNOUNCED Importance: High

PLEASE SEND THIS TO EVERYONE ON YOUR CONTACT LIST !!

A new virus has just been discovered that has been classified by Microsoft as the most destructive ever! This virus was discovered yesterday afternoon (March 4th, 2002) by McAfee and no vaccine has yet been developed.

This virus simply destroys Sector Zero from the hard disk, where vital information for its functioning are stored. This virus acts in the following manner: It sends itself automatically to all contacts on your list with the title "A Card for You". [I assume that this is in the Microsoft e-mail program -- JPA]As soon as the supposed virtual card is opened, the computer freezes so that the user has to reboot. When the ctrl+alt+del keys or the reset button are pressed, the virus destroys Sector Zero, thus permanently destroying the hard disk. Yesterday in just a few hours this virus caused panic in New York, according to news broadcast by CNN. This alert was received by an employee of Microsoft itself. So don't open any mails with subject: "A Virtual Card for You." As soon as you get the mail, delete it!! Even if you know the sender!!! Please pass this mail to all of your friends. Forward this to everyone in your address book. I'm sure most people, like myself, would rather receive this 25 times than not at all.

Also: Intel announced that a new and very destructive virus was discovered recently. If you receive an email called "An Internet Flower For You ", Do not open it!! Delete it right away! This virus removes all dynamic link libraries (.DLL files) from your computer. Your computer will not be able to boot up!!

'Happy New Year' worm hits Windows

Don't you love the holiday season? It's the time for gift giving, festive food...and viruses. That's right. The Christmas worm that antivirus companies have been expecting has arrived. The so-called "Happy New Year" worm--named after the greeting in the e-mail's subject header--spread across the globe Wednesday. The worm is passed on through an e-mail file attachment called "christmas.exe," and it's to be feared. When launched, the program runs a script that attempts to delete parts of the Windows operating system. Once set loose on your system, Happy New Year will send itself to everyone in your Outlook address book, and may be spread through Microsoft's Instant Messenger software, too.

By Wendy McAuliffe and Graeme Wearden
ZDNet (UK)
December 19, 2001 10:34 AM PT

A mass-mailing Internet worm that purports to offer New Year greetings was spreading rapidly Wednesday, and is rumored to be the big Christmas virus that antivirus companies have been gearing up for.

The first copy of the virus was detected at 7:23am GMT by security firm MessageLabs and is said to have originated from South Africa. By using a number of aliases, the e-mail worm has spread virulently throughout the day. MessageLabs has detected 925 incidents of the worm at an Internet level to date, from a number of countries across the globe.

"This won't be as big as Goner, but it is likely to be the biggest Christmas virus," said Alex Shipp, antivirus technology expert at MessageLabs.

The worm, operating under the guises of Zacker, Reeezak, Maldal and Keyluc, arrives with the subject header "Happy New Year" and contains a file attachment entitled "christmas.exe." It uses familiar social engineering tactics to entice recipients to double click on the attachment, before mailing itself and the victim's contact list to everyone in the contact's address book.

"Over the last week, we have seen thousands of executable files like this that have been sent as jokes or Christmas cards," said Shipp. "We have seen 4,000 copies of such viruses this week, and so from a social engineering point of view, it looks like this virus will continue."

The worm arrives with the body text:
"I can't describe my feelings But all i can say is Happy New Year :-) Bye."

Once the Christmas.exe application is opened, the worm will modify the user's Internet Explorer (IE) home page so that the browser now points to a malicious Web site. This site will then exploit a vulnerability in IE and run a Visual Basic Script on the infected computer that will attempt to delete significant portions of the Windows operating system.

Experts believe the worm spreads through shared network drives, and by taking advantage of Microsoft applications. Computer Associates has reported that the virus will email itself to everyone in an infected victim's Outlook address book.

According to reports, Symantec believes the worm also spreads via Microsoft's Instant Messaging software, and will try to delete antivirus software from an infected PC.

Goner Screen Saver Virus - December 2001

This is for your information from our friends at Microsoft at www.msn.com.

The "Goner" virus masquerading as screen saver is spreading quickly. "Goner" arrives as an e-mail with a new screen saver attached. According to one researcher, "Goner" is "wreaking havoc," having already infected thousands of computers at major corporations. Several antivirus companies have rated the bug a high risk as of this (Tuesday, Dec 4th, 2001) afternoon.

Attachment containing the virus is called "gone.scr."

This is a virus transmitted by Microsoft Outlook! If you use Outlook, and you open this virus, it will be sent to everyone on your address book!

The worm only affects computers running Microsoft Windows and spreads through Outlook e-mail clients. Macs and computers running Linux or other Unix-like operating systems are unaffected.

The worm arrives in a message with the subject "Hi" and the following text in the body of the e-mail:

How are you ?
When I saw this screensaver, I immediately thought about you
I am in a harry, I promise you will love it!

Attached to the message is what appears to be a screensaver file, Gone.scr, a compressed copy of the worm.

When the file is opened, Pentagone will infect the victim's PC, attempt to stop a variety of antivirus and security applications and then, if successful, delete all the files in the folders containing those applications. AtGuard's Personal Firewall, ConSeal's PC Firewall, Kaspersky Lab's AVP, Network Associates' McAfee VirusScan, Symantec's Norton Antivirus and Zone Labs' ZoneAlarm are among the programs that the worm attempts to deactivate.

After eliminating the security on the computer, the worm opens up a dialog box containing its name, Pentagone, and the handles of its creators. The dialog box also includes acknowledgements to other people on the Net, in a style similar to that of online vandals who deface Web sites.

The worm then installs a backdoor program linked to mIRC, a popular Internet Relay Chat program. The backdoor can be used to execute denial-of-service attacks against IRC servers.

In addition, the virus attempts to spread using e-mail and ICQ.

To spread by e-mail, Pentagone uses script commands to send a copy of itself to every entry in the victim's Outlook address book. In ICQ, the worm uses specific commands to send a copy of itself to other people using the messaging application.

Antivirus software makers have been inundated with calls from customers who have been infected or seen copies of the worm.

"It is extremely widespread," said April Goostree, virus research manager for McAfee.com. "We are seeing both corporate and home users being hit. We consider it an outbreak because of how fast it's spreading in so short a period."

Rival Trend Micro has had about 22 corporate customers complain about the virus and has given it a high threat rating.

David Perry, global director of education for TrendMicro, has decided that computer users may never be security-conscious enough to avoid getting infected.

"Every time enough time goes by that people forget to be wary of these things, it pops up again," he said. "Apparently, we have to resign ourselves to the fact that education doesn't work."

Pentagone isn't the only virus spreading significantly. Variants of the Nimda virus and a variant of the BadTrans virus are topping virus charts this month.

New Virus out November 2001

I have received several e-mails recently with attachments that contain viruses. The mail was from someone I did not know. The address was strange and ended in .ru (dot RU indicating Russia). The attached file ended in a double extension. In my case it was .mp3.src. The heading for the e-mail repeated the RE: and included the referenced line from an e-mail I has sent to a member of an e-mail list server. Apparently this virus is pretty bad. I also received the following info yesterday from a friend on the list server. Be sure to check out the article as it gives details on how the virus works.

You may not have heard yet, but there's a very intrusive new virus just out. It doesn't destroy files, instead it can find and send personal data from your computer to others (Credit Card & Soc Sec numbers, passwords, etc.) AND it can copy down every keystroke you enter, and transmit them to others. Not a good one to ignore!

This is the BBC news story about BadTrans-B which attempts to spread by exploiting weaknesses in Microsoft e-mail programs.

One anti-virus company has caught over 20,000 copies of the virus in the last 24 hours. it.

http://news.bbc.co.uk/hi/english/sci/tech/newsid_1678000/1678578.stm

If you get one of these e-mails, delete it at once. Do not open the attached file. If that file downloads, delete it at once. Do not open it. No matter what the extension on the file, it is an executable (.exe) and it will do you some damage.

John Andrews

Webmaster

Watch Out for Sample.exe

One of my associates sent this in. Apparently when he recieved the message thru Eudora, his virus program warned of a virus in the attached executable file. Be on the alert for the same in your mail. Never open executable attachments until you have VERIFIED that your sender in fact did intend to send it to you. JPA

At 01:37 AM 10/31/01 -0800, radsafe@list.vanderbilt.edu wrote:

excerpt...

Attachment Converted: "C:\EUDORA\Attach\sample.exe"

end excerpt...

ALERT: This attachment called sample.exe contains a malicious virus according to my Norton AntiVirus program.

Otto

New information about June 1 hoax virus

----- Original Message -----
From: McAfee.com Dispatch <dispatch@mcafee.com>
To: <charlori@ntown.com>
Sent: Wednesday, May 30, 2001 10:46 PM
Subject: Hoax Alert - SULFNBK

(((((((((((((((((( McAfee.com Dispatch )))))))))))))))))))))

------------------------------------------------------------
 Hoax Alert - SULFNBK
------------------------------------------------------------

[This message is brought to you as a subscriber to the
McAfee.com Dispatch. To unsubscribe, please follow the
instructions at the bottom of the page.]

Dear McAfee.com Dispatch Subscriber:

An email HOAX has been circulating recently that has received a lot of press and public attention. The subject line may contain "***Virus Alert***" or mention SULFNBK.exe. If you receive a copy of this message, you should ignore it. Do NOT pass it on as this is how an email hoax spreads. You may receive a copy of this message from addresses that you recognize.

DO NOT DELETE ANY FILES FROM YOUR COMPUTER.

There are several versions of this message circulating, in several different languages. The email message may appear in part as follows:

"A VIRUS could be in your computer files now, dormant but will become active on June 1. Try not to USE your Computer on June 1st. FOLLOW DIRECTIONS BELOW TO CHECK IF YOU HAVE IT AND TO REMOVE IT NOW."

"No Virus software can detect it. It will become active on June 1, 2001. It might be too late by then. It wipes out all files and folders on the hard drive. This virus travels thru E-mail and migrates to the C:\windows\command' folder."

The email will also instruct you to delete SULFNBK.exe and to pass the message along to everyone you know.

SULFNBK.exe is a standard part of the Windows operating system and SHOULD NOT BE REMOVED.

For more information about this hoax or for instructions on how to replace SULFNBK.exe if you have already deleted it, go to:
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2274

McAfee.com VirusScan Online and Clinic Subscribers: We recommend that you have the latest ActiveShield and DAT files installed for the best virus protection. To download ActiveShield, go to:
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2275

Retail VirusScan Users: To download the latest DAT files, click here.
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2276

______________________Special Offers_________________________

If you would like to receive the McAfee.com Dispatch in a graphical (HTML) format in the future, please click here.
http://dispatch.mcafee.com/default2.asp?id=1454169

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Trademarks 2001 McAfee.com Corporation / All Rights Reserved.

Text from McAfee page:

Virus Name:
SULFNBK Hoax Date Added:
5/10/01 10:34:10 AM
 
Virus Characteristics:

AVERT HOAX Notice!!

McAfee AVERT Labs would like to inform you of a new email HOAX.

This email message is just a HOAX. Although, the SULFNBK.EXE file may become infected by a number of valid viruses (most commonly W32/Magistr@MM, the details of this HOAX message are not based on actual events.

We are advising users who receive the email to delete the message and DO NOT pass it on as this is how an email HOAX propagates.

For more information see http://vil.mcafee.com/dispVirus.asp?virus_k=99084&

NAKEDWIFE VIRUS ON THE LOOSE - March 7, 2001

The story: A new computer virus appears to on the loose, and this one can do real damage. It masquerades as an attachment called "NakedWife.exe" in an e-mail with the subject line "FW: Naked Wife." If opened, it deletes any files in the Windows and system directories with DLL, INI, EXE, BMP, and COM extensions. The virus also uses Microsoft Outlook to spread. After sending the e-mail, the virus displays a dialog box titled "Flash" and the contents, "You're now F***ED! (c)2001 by BGK (Bill Gates Killer)." The virus so far has hit computers in at least 68 organizations in the United States and Europe. Thanks to ZDNet.com for the info.

New Viruses Coming Called Kriz and hahaha...
December 22, 2000

Two viruses are going around this christmas season. Those on the Hickory Woods e-mail list have been alerted. You should check your computer for updated virus .dat files before Christmas day to be sure the Kris virus is absent from your system because it attacks on that day. The Hahaha virus is less specific. It comes attached to an e-mail and infects your computer. Then it can upgrade itself when you are connected to the internet. Although not agressive yet, it has the potential to be very damaging.

There is more information on Doug Muth's Anti-Virus Help Page. See the link at the bottom of this page.

The URL for information from ZDNet about the hahaha worm is
http://updates.zdnet.com/articles/ax_51143.htm.

The URL for information from ZDNet about the Christmas Kriz virus is http://updates.zdnet.com/articles/ax_51144.htm.

New Virus Coming Called NAVIDAD...
November 11, 2000

AP National
Computer Virus Strikes 10 Companies

by D. IAN HOPPER
Associated Press Writer

WASHINGTON (AP) -- Computers in at least 10 Fortune 500 companies have been infected recently by an annoying but only mildly dangerous Christmas-themed virus that security experts call ''Navidad.''

The virus, which affects computers using Microsoft's Windows operating system, arrives as a reply when a user sends an e-mail to an infected computer. The attachment, called ''NAVIDAD.EXE,'' is mainly in Spanish, and antivirus experts believe the virus came from South America.

''We've seen at least 100 samples over the last 4 days, including at least 10 Fortune 500 companies,'' said Vincent Gullotto, top antivirus researcher at security company McAfee.com, adding that many of the virus-ridden e-mails have come from Brazil and Cuba.

When a person opens the Navidad attachment -- something security experts always warn against unless the user knows what the attachment is -- a message in Spanish reads: ''Never press this button.'' If the button is pressed, a message says: ''Feliz Navidad. Unfortunately you have given in to temptation and will lose your computer.''

But the computer isn't damaged, which Gullotto says may be because the virus is designed for the Spanish version of Windows. But the virus does place on the computer's desktop an icon that looks like an eye, which stops most programs from being run.

''It's not destructive, but it may cause your Windows system to lock up,'' Gullotto said. The program can be stopped manually, and several antivirus companies have developed software that both removes and protects against the virus.

Several viruses in the past have taken holiday themes. One that appeared last year only damaged an infected computer on Christmas Day.

But while the virus doesn't damage computers, security companies are still warning their customers because Navidad is spreading fast among large corporations. One security expert familiar with the virus, who spoke on the condition of anonymity, said both the petroleum company ExxonMobil and computer chipmaker Intel have been hit by Navidad.

As with any virus, experts suggest that consumers install an antivirus program and keep it updated at least once a month. They also recommend using an antivirus scanner to check an e-mail attachment before clicking on it.

On the Net:

McAfee.com: http://www.mcafee.com

Symantec Antivirus Research Center: http://www.sarc.com

VIRUS ALERT MAY 31, 2000 NEW VIRUS LOOKS LIKE A RESUME OR EXPLORER, ACTUALLY IS WORSE THAN ILOVEYOU VIRUS!!! THIS ONE COMES IN AN E-MAIL AS DESCRIBED HERE.

Subject: NEW VIRUS WARNING - READ THIS!!!

If you receive an email with the Subject titled "Resume - Janet Simons", DELETE IT!!! If you receive an email with an attachment named Explorer.doc, DELETE IT!!! If you receive any email with an attachment that you were not expecting to receive, DELETE IT!!!

Here is a brief description of the latest virus released into the public domain:

Virus Characteristics
This is a variant of the W97M/Melissa family with a very dangerous payload. This is a worm in that it does not infect the local host system. It spreads by email on opening of the document. It will arrive by Outlook email with the following format:

---------------begin copy of email--------
Subject: Resume - Janet Simons

To: Director of Sales/Marketing,

Attached is my resume with a list of references contained within.

Please feel free to call or email me if you have any further questions regarding my experience. I am looking forward to hearing from you.

Sincerely,

Janet Simons.
<Explorer.doc>
-----------------end copy of email--------

If the file EXPLORER.DOC is opened, it will forward an email all entries in all available address books.

As if this wasn't enough, this trojan will wait for the user to close the document before continuing with a more damaging payload.

On closing the document, this trojan will perform the following actions against the victim:

* try to copy itself as
"C:\WINDOWS\Start\Programs\StartUp\Explorer.doc"

* try to copy itself as "C:\Data\Normal.dot"

* try to delete all files in the following directories and drives in this order, making the system unusable if this occurs:
"C:\*.*"
"C:\My Documents\*.*"
"C:\WINDOWS\*.*"
"C:\WINDOWS\SYSTEM\*.*"
"C:\WINNT\*.*"
"C:\WINNT\SYSTEM32\*.*"
"A:\*.*" [may cause an error message]
"B:\*.*" [may cause an error message]
and *.* in the root of drives D: thru Z:

Thank you,

The GTS Duratek Information Systems Group

VIRUS ALERT MAY 19, 2000 NEW VERSION OF ILOVEYOU VIRUS IS OUT!!! THIS ONE DOES NOT GIVE THE SAME MESSAGE ALL THE TIME!!!

Update your virus .dat file now if you use Microsoft Outlook as your mail server. Be VERY careful about clicking on any file ending in .vbs as these can do real damage to your hard disk. The new variant of this virus will destroy important files on your hard disk making it necessary to clean the disk and reload all the files. Here is a link to a news report about the virus: http://www.washingtonpost.com/wp-srv/aponline/20000519/aponline003321_000.htm.

http://www.mcafee.com/viruses/loveletter/

VBS/LoveLetter.worm is a dangerous VBScript worm, discovered 5/4/00.

**UPDATE**: Two new variants were discovered at 3:00 pm today, 5/4/00. The information below applies to all known variants.

Description:

VBS/LoveLetter.worm arrives via email message with the subject line "ILOVEYOU". The text reads "kindly check the attached LOVELETTER coming from me.", and the worm is included in the attachment, called "LOVE-LETTER-FOR-YOU.TXT.vbs". Since you know the person sending it to you, you may be tempted to open it because you trust the person and his or her e-mail. If you open it, it can cause major damage to your files.

This worm attempts to send copies of itself through mIRC to the IRC channels and through Outlook to all address book entries.

VBS/LoveLetter.worm also attempts to download and install an executable file called WIN-BUGSFIX.EXE, a password stealing program that will email any cached passwords it finds to the mail address MAILME@SUPER.NET.PH.

McAfee.com Users

To use McAfee.com's many other online services, go to:

http://www.mcafee.com

Do you need help with viruses? Check out Doug Muth's Anti-Virus Help Page. Some quotes about this page: "The digitally afflicted can flock to Doug Muth's Anti-Virus Help Page to obtain details about computer viruses, answers to frequently asked questions and pointers to effective anti-virus software." - Snap; "...a smorgasbord of virus information..." - Usa Today (March 3rd, 1999); "...simple, homegrown, commercial-free virus advice..." - Yahoo! Internet Life (Februrary 15th, 1999)

McAfee anti virus home page. The place to go for current AV stuff.

CONTENTS