, SecurityFocus 2000-05-04
A new Melissa-style email virus is spreading globally, and it loves you not.
“
We've been receiving calls from all over the world
”
The "love letter" is an attachment titled LOVE-LETTER-FOR-YOU.TXT.vbs. It is a decidedly unromantic Visual Basic script, which, if executed, sends a single copy of itself to every email address in the victim's Microsoft Outlook address book -- the same tactic used with devastating success by the Melissa virus in March, 1999.
The program also attempts to propagate over Internet Relay Chat, and it writes itself over other programs on a victim's hard drive, while replacing files with common point-and-click extension like .mp3 with deceptively named decoy copies of itself, according to analysis by vendors and computer security experts.
Dow Jones News Wire reported this morning that the virus has hit PR firms and investment banks in Asia particularly hard. Various reports say the virus has been spotted in Europe, the U.S. and Canada. Anti-virus software vendor Symantec
The Washington-based NIPC issued an
Within the virus code the author identifies his or herself as "spyder" from Manila, Philippines, with an email address of ispyder@mail.com. The author dates the code March, 2000. Another comment in the program reads, "i hate go to school." Spyder did not immediately answer an email inquiry Thursday morning.
In addition to spreading virulently, the worm also attempts to download and execute another program from any one of four web accounts hosted by Sky Internet, a Philippine ISP. "We're aware of that, and our network security people are taking the necessary actions of disabling the URLs that are sent by email," said Ronald Elciario, Network Administrator at Sky Internet.
"Our service was used as a gateway for the virus to spread out over the net," said Elciario. "We've been receiving calls from all over the world, mostly from the USA."
