Just wanted to warn everyone (no link yet)
May 4, 2000 7:24 AM   Subscribe

Just wanted to warn everyone (no link yet) - came into work this morning and a new virus has infected our server, and we've had many of our customers call in that have already been infected. It's subject line is "iloveyou". Attached to it is a VB Script- but I assume that most of the readership here would be smart enough to not open attachments like that. But figured it warrented a warning.
posted by TuxHeDoh (23 comments total) 1 user marked this as a favorite
 
Here's a link
posted by TuxHeDoh at 7:34 AM on May 4, 2000


The Symantec article should be a little more informative, but I can't even get it to come up right now. The site is swamped.

The email is running around my work, but the office I work on has nifty filters installed that remove .vbs attachments (Norton AntiVirus for Internet Email Gateways 1.0).
posted by endquote at 8:31 AM on May 4, 2000


Slashdot's got a discussion running on this. One of their staffers also posted a fix. Due warnings given-you have to know what you're doing around Windows.

The virus replaces all the JPEGS, CSS files, and MP3 files (and a few other extensions) on shared and local drives.

We got it at work today. I created a "Bozon Filter" to automatically delete the mail. Now our IT department knows who to yell at about opening attachments and not having Outlook set to high security.
posted by Electric Elf at 8:40 AM on May 4, 2000


I set up a filter to redirect them into a folder so I could have a count at the end of the day. I'm up to 57 so far!

I keep hoping people will learn not to open any attachment, even from people they trust. But it isn't going to happen.
posted by daveadams at 9:33 AM on May 4, 2000




>Two lines within the virus identify the author as...

Right. You bet. Definitely genuine. Always great to take any 'info' given in a virus at face value.
posted by EngineBeak at 10:39 AM on May 4, 2000


For me, this type of thing is another reason not to migrate my office to MS Exchange and Outlook. We've talked about this before, somewhere. When you have a product that literally millions of users and systems run. You have at least thousands of people hacking and chipping away at it trying to compromise it. I just hate to think of the cost of maintenance and remedies, all for the sake of Office 97/2k/Backoffice interoperability. It's just not a good trade-off.
posted by Dean_Paxton at 10:54 AM on May 4, 2000


"The virus was first reported in Hong Kong"
surely a Chinese tactic to disrupt world communications before they invade taiwan
posted by crawdad at 10:55 AM on May 4, 2000


It's hit the UK pretty bad and Channel 4 News (here in the UK) managed to get the most technologically incompetent interviewee to talk about the ILoveYou virus.

It's logic really, I mean why do people open this type of attachment?
posted by williamtry at 12:40 PM on May 4, 2000


Geez, this is mostly an Outlook [and sometimes IRC] problem, yes? It's hard to tell by reading the news articles because almost none of them mention this fact. People read the poorly written news articles and flip out, start finger-pointing at "The Internet" as the source of all evil. They ignore, or never receive the information that -- like many other viruses, literal and virtual -- some basic precautions can work wonders.

Since I've started working a tech support job I am becoming a one-woman army against badly written articles about technology that create more problems than they solve. Do you think Microsoft has spin-control people working on this, or the media just doesn't know any better?
posted by jessamyn at 12:41 PM on May 4, 2000 [1 favorite]


I *heart* Eudora lite.
posted by alana at 12:46 PM on May 4, 2000


eudora lite is free, and it treats attachments like attachments. outlook embeds them. eudora lite also has excellent filtering.

eudora lite is safe. macs and linux are safe.

what's almost as bad as the virus are the 200 follow-up emails WARNING you about the virus.
posted by Zeldman at 12:50 PM on May 4, 2000


I'll lay odds that ICOM's server was hit. I'm having a hell of a time trying to FTP and get my POP3 mail.
posted by EricBrooksDotCom at 1:00 PM on May 4, 2000


I just deleted it for the third time today. I finally set up a rule (in Outlook) to catch it and automatically delete it. So far it seems to be working quite nicely. And the best thing is that all of the warnings and updates are also getting deleted automatically.
posted by cousinjean at 1:02 PM on May 4, 2000


no!!! i was infected, all because I let my sister check her email, and she decided to check mine as well. And then she decided to open up what she thought would be a cute download.... the result is that all my porno .jpgs have now been destroyed. I think I'm going to cry.
posted by chaz at 1:03 PM on May 4, 2000


For those of you who are running your own mail server on UNIX with sendmail, you might want to block this crud at the server. Here's how I did it under Redhat Linux w/sendmail 8.9.3. Just edit your sendmail.cf so that it includes the lines:

HSubject: $>CheckSubject

SCheckSubject
RILOVEYOU $* $#error $@ 5.7.1 $: "Virus denied! For more information, see http:
//www.symantec.com/avcenter/venc/data/vbs.loveletter.a.html"

That's a tab between "$*" and "$#error", FWIW. So far, we've received three copies (before I made the config change) and blocked two. Enjoy.
posted by schampeo at 1:13 PM on May 4, 2000


pine is safe.
posted by sugarfish at 1:27 PM on May 4, 2000


Seems a good time to mention a source for Pine:
http://www.washington.edu/pine/
A tremendous product and it's free too. (Thanks sugarfish!)
posted by greyscale at 2:40 PM on May 4, 2000


If you're on Unix, you are, of course, safe from this anyway, but what the hell:

http://www.mutt.org

Mutt is Man's best friend...
posted by baylink at 3:10 PM on May 4, 2000


The flood of warnings are many times more damaging than the viruses that they are regarding... And most of the time, it's a hoax.

I'll take this opportunity to mention these sites since no one else has. Check them at the first breath of any "VIRUS WARNING!!!!":

Computer Emergency Response Team
  This is a particularly good page
Computer Incident Advisory Capability (US Dept of Energy)

posted by fooljay at 4:17 PM on May 4, 2000


I just got this virus... at 11:15pm. It took a while, but I got one! That's not the good part though. The good part is that I got it attatched to a message from a mailing list from one the U.S. distributor of F-Prot. Amazing. I saw the code, it's only vbscript for gods sake, it's not even complied, yet everyone was howling to the skies about this being the worst virus attack known to date.
posted by Dean_Paxton at 9:28 PM on May 4, 2000


you've all probably noticed the note at cert.org about emails with different attachment names and/or email subjects. the admin in our lab noticed some with subjects of 'Joke' and 'Fw: Joke'. time to update the filters, kids! still waiting for my share of the fun, though.
posted by iceberg273 at 9:38 PM on May 4, 2000


I haven't received a single copy of it. Either that means all my friends are smart, or that I don't have any friends.
posted by Steven Den Beste at 9:46 PM on May 4, 2000


« Older This article   |   Metallica and Napster: The Chat. Newer »


This thread has been archived and is closed to new comments