As God can protect His people under the greatest despotism, so the utmost civil liberty is no safety to them without the immediate protection of His Almighty arm. I fear that Christians in this country have too great a confidence in political institutions…[rather] than of the government of God.
Alexander Carson

Forums

Forum Navigation
You need to log in to create posts and topics.

SHOUDER TO SHOULDER VIRUS ALERT ---- 5/4/00

Forum Archives
Forum Archives
1,484 Posts
#1 · May 4, 2000, 1:30 pm

Posted by: lifeunlimited <lifeunlimited@...>

DEAR SHOULDER TO SHOULDER SUBSCRIBER:

As you know I am an ardent critic of passing unverified virus warnings.

However ---- THIS ONE IS LEGITIMATE.

For that reason I am forwarding the following information to you. PLEASE
SEND IT TO THOSE YOU CARE ABOUT.

I'm on the way out the door and will be away two days, so don't have time
to edit this thing down for you. Please read through it carefully.

In His Bond,

Bob

Bob Tolliver ---- Rom 1:11-12
Life Unlimited Ministries
E-mail: [email protected]
Do You Receive "Shoulder To Shoulder"?

Hi,

It's legitimate.

On Thu, May 04, 2000 at 04:24:47PM +0000, [email protected] wrote:
> May 4, 2000
>
> Hey, guys!
>
> Know anything about this? I'm totally skeptical of everything I get
like
> this, as you know. The thing that causes me concern as to its possible
> legitimacy, though, is the existence of a website ---- which, of
course,
> could be a trick in itself.
>
> Let me know what you think.
>
> Bob
>
> Bob Tolliver ---- Rom 1:11-12
> Life Unlimited Ministries
> E-mail: [email protected]
> Do You Receive "Shoulder To Shoulder"?
>
> --------- Forwarded message ----------
>> Attention: VIRUS ALERT !!! - The "I Love You" virus.
>
> It has come to our attention that a very malicious virus has been in
> common circulation over the last 24 to 48 hrs. The virus appears to be

> transmitted by email. Avoid opening emails with a subject line
> containing, "ILOVEYOU." They contain a VisualBasic script that is a
> virus that may executed from even a preview of the message.
>
> We are currently researching symptoms and signs to help better diagnose

> infections and repair damaged systems. To our knowledge, most
> commercial anti-virus software does not currently detect or eradicate
> this new virus.
>
> The Symantec Antivirus Research Center (SARC) rates the virus as "HIGH"

> in all three categories - damage, wildness, and distribution. For the
> most recent information on this and other new viruses, please visit
> http://www.symantec.com/ OR http://www.symantec.com/avcenter/
>
> This issue I have received many calls about this morning (5/4/00).
> Please be on the look out for it as I know of 7-8 major multi-national
> corporations whose systems have been infected with this virus this
> morning. They're local I.T. people called me up about this this
> morning. (The phone's been ringing off the hook! I hope they catch
> the person who created this one!)
>
> Below is some technical information from the Symantec web site in case
> it is too busy for you to access. While the information is technical
> in nature, it contains particulars for a computer technician to use to
> eradicate the virus from your system.
>
> This message is brought to you by:
>
> Gary Hendricks, MCP
> Integrated Resources Corporation
> [email protected]
> http://www.ir-c.com
> 515-274-0817
>
> ---------------------------------------------
>
> VBS.LoveLetter.A
> The Symantec AntiVirus Research center began receiving reports
> regarding this worm early morning of May 4, 2000 GMT. This worm appears

> to originate from the Manila, Phillipines. This worm has wide-spread
> distribution and hundreds of thousands of machines are reported
> infected. This worm sends itself out to email addresses in the
> Microsoft Outlook address book and the worm also will spread itself via

> mIRC and infect files on local and remote drives including files with
> the extensions vbs, vbe, js, jse, css, wsh, sct, hta, jpg, jpeg, mp3,
> mp2
>
> Also known as:
>
> Category: Worm
>
> Infection length: 10307
>
> Virus definitions: May 4, 2000
>
> Threat assessment:
>
> ---------------------------------------------
> Number of infections: More than 1000
> Number of sites: More than 10
> Geographic distribution: High
> Threat containment: Difficult
> Removal: Difficult
>
> ---------------------------------------------
> Payload:
>
> Large scale e-mailing: Sends itself to addresses in the Microsoft
> Outlook Address Book
> Degrades performance: May clog mail servers
> Distribution
>
> Subject of e-mail: ILOVEYOU
> Name of attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
> Size of attachment: 10307
>
> ---------------------------------------------
> Technical description:
>
> When executed, the worm will copy itself to the Windows System
> directory as MSKernel32.vbs, the Windows directory as Win32DLL.vbs, and

> the Windows System directory as LOVE-LETTER-FOR-YOU.TXT.vbs
>
> The worm checks if the file WinFAT32.exe exists in the Windows System
> directory. If the file does not exist, the worm sets the Internet
> Explorer Start Page to a website with the file WIN-BUGSFIX.exe. This
> website is currently unreachable. The webpage has apparently been
> shutdown, but this may be do to load on the webserver.
>
> If the file does exist, the worm will create the following registry
> key:
>
> HKLMSoftwareMicrosoftWindowsCurrentVersionRunWIN-BUGSFIX
>
> and execute the file on start up. The Internet Start Page will then be
> replaced to a blank page.
>
> For each drive including network drives, the virus will attempt to
> infect files with VBS, and VBE extensions.
>
> The worm will also search for files with the extensions JS, JSE, CSS,
> WSH, SCT, HTA, JPG, JPEG, MP3, MP2 and create a file with the same
> name, but with the extension VBS.
>
> The worm will also spread via mIRC by creating a script.ini file in the

> mIRC program directory which will send the dropped file
> LOVE-LETTER-FOR-YOU.HTM to other users in the chatroom.
>
> The worm uses MAPI calls to the Microsoft Outlook application and
> creates messages by iterating through all the address in the Microsoft
> Outlook Address Book. The worm will mark these recipients using the
> registry in attempt to only send them the mail once.
>
> ---------------------------------------------
> The subject of the message is: ILOVEYOU
>
> The body of the message is:
>
> kindly check the attached LOVELETTER coming from me.
>
> ---------------------------------------------
> Attached to the message is the file: LOVE-LETTER-FOR-YOU.TXT.vbs
>
> Finally, the virus will also drop the file LOVE-LETTER-FOR-YOU.HTM in
> the Windows System directory, which is sent in conjunction with mIRC.
>
> ---------------------------------------------
> Removal:
>
> Find and delete infected files
> Remove the registry key:
>
> HKLMSoftwareMicrosoftWindowsCurrentVersionRunWIN-BUGSFIX
>
>
> Restore your Internet Explorer Start Page
>
>
>
>
> -gh Via:
> [email protected]
>
>
========================================================================
>
> Gary Hendricks, MCP, CTA Microsoft Certified
> Professional
> Integrated Resources Corporation Corp. Email:
> [email protected]
> PO Box 13477 Mobil Email:
> [email protected]
> Des Moines, IA 50310-0477 Home Email:
> [email protected]
>
>
========================================================================
>
> Providing tomorrow's answers for life today!
>
>
========================================================================
>
>
>
>
>

--
welovegod.org - THE Place to Associate!
http://www.welovegod.org
Over 100 Inspirational/Technical E-mail Lists
welovegod.org/lists.html

Click for thumbs down.0Click for thumbs up.0