=---------------------------------------------------= COMMENT ABOUT THE "I LOVE YOU" WORM by ThanatouAnghelos, 2000 You can dowload some useless articles like this at the following URL: articles.tahome.cjb.net. =---------------------------------------------------= As you know, recently another stupid lamer have made a dangerous worm technically called "VBS.Loveletter". I still haven't seen the code of this worm, and I'm sorry about that, but I've heard that this worm it a between the famous Melissa macro virus and another frequent VBS worm called Links.vbs that is sent via mIRC. The main interesting feature of Links.vbs is that the author used a sort of indirect way to let the computer execute the commands, so you see a long list of "0010011110101" that for an average VB programmer (like me, just for example) is difficult to understand. The first e-mail containing this worm has been sent from a mail server of Malaysia. The message is called "I LOVE YOU", and contains an invite to open a "LOVELETTER.TXT.VBS" file that is attached to the message. If you open the file, it automatically sends itself to each contact of your address book for lots of times, so that your e-mail client gets damaged. Loveletter also damages MP3s, JPEGs, mail archives and so on modifying them to make them unusable. And this is a feature that make Loveletter more harmful than Melissa (in fact Melissa just sended itself to the contacts and showed you a Word document containing a list of adult sites with userid and password to enter or request). Apart from that, I would take some considerations about Loveletter and other similar worms. First of all, VBS (and also JS) worms are not EXE files, so THEY CANNOT BE EXECUTED DIRECTLY, because they need some sort of "rutimes". If you have Windows 98 or later, they could be launched using WSH (Windows Scripting Host), that provides CSCRIPT.exe and WSCRIPT.exe to run them. If you have Internet Explorer 4 or later, they could be launched via the program or from an HTML document. So, if you don't have WSH or any similar program that could be associated to VBScript files, you can be sure that nothing happens 'cause you cannot execute the file. More wisely, if you are a bit experienced in Visual Basic and expecially in VBScript, you could open the source code with Notepad and analyze the source code to try to understand what the code is going to do on your computer in case of executing. After that, take general precautions: download the most recent upgrade of your antivirus (AVP warns you any about 14 days or less if you want; IBM AntiVirus releases new virus bases about each month); keep in mind that if you receive an e-mail from an address you don't know and he invites you to download a file or to open an attached file, it is certnaily a virus infecting action or at least spam. If you receive any file from mIRC, don't load it but just download. After that use a viewer or an editor to find some suspect strings, or contact an expert friend if you don't have any experience doing this. Finally, keep in mind that E-MAIL CANNOT BE HARMFUL ANYWAY because it can't contain executable code as they're text-only. If you receive an HTML, be a bit more careful because they could contain Java, Javascript, VBScript applets or ActiveX components that, however, CANNOT CHANGE ANYTHING ON THE LOCAL COMPUTER UNTIL YOU DON'T GIVE EXPLICIT AUTHORIZATION to to that. -=EOF=-