Even more destructive virus alert !
Posted on 19/05/00 14:02 by Jan Willem                             
Submitted by: Administr8or
Source: http://www.symantec.com

VBS.NewLove.A

SARC, in conjunction with other anti-virus vendors, has renamed this worm from VBS.LoveLetter.FW.A to VBS.NewLove.A.

VBS.NewLove.A is a worm that, when activated, spreads by sending itself to all addressees in the Outlook address book. The attachment name is randomly chosen, but will always have a .VBS extension. The subject header will begin with "FW: " and will include the name of the randomly chosen attachment (excluding the .VBS extension). Upon each infection, the worm introduces up to 10 new lines of randomly generated comments in order to prevent detection.

Technical Description:

This polymorphic LoveLetter variant will overwrite ALL files that are not currently in use, regardless of extension. It arrives as an email message with a subject of "FW: FILENAME.EXT" and an attachment named "FILENAME.EXT.VBS" (where FILENAME.EXT is derived from the infected user's recently opened documents list). The body of the email is empty. If no documents have been used recently, this name is randomly generated. If the message has been generated by a system running Windows NT or Windows 2000, then the filename will be omitted, the subject of the message will be "FW: .EXT" and the attachment name will be ".EXT.VBS" (again, the file extension will vary depending on the recently opened documents list of infected machines).

Removal:

The contents of all files will be deleted, leaving the affected files with a byte length of zero. The worm will also append the extension '.vbs' to each of these files. For example, the file calc.exe will become calc.exe.vbs. Since this worm overwrites all files regardless of extension, proper removal can only be achieved by restoring the affected files from known clean backups.

More info: Symantec

---------------
They get better and better
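
The message pattern from the Technical Description above, written as a mail-gateway check. This is an added example, not code from the original alert or from Symantec; the function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

def matches_newlove_pattern(raw: bytes) -> bool:
    """True when subject is "FW: NAME", an attachment is "NAME.VBS" and the body is empty."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    if not subject.upper().startswith("FW:"):
        return False
    name = subject[3:].strip()  # "FILENAME.EXT", or ".EXT" from NT/2000 senders
    wanted = (name + ".vbs").lower()  # extension case varies, so compare lowercased
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    if wanted not in names:
        return False
    body = msg.get_body(preferencelist=("plain", "html"))
    return body is None or body.get_content().strip() == ""

def build_sample(subject: str, body: str, attachment: str) -> bytes:
    """Constructed test message; the attachment payload is inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = subject
    m.set_content(body + "\n")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=attachment)
    return m.as_bytes()

# Constructed samples: two that fit the described pattern, two that do not.
SAMPLES = {
    "win9x_style": build_sample("FW: report.doc", "", "report.doc.Vbs"),
    "nt_style": build_sample("FW: .xls", "", ".xls.VBS"),
    "plain_forward": build_sample("FW: report.doc", "See attached.", "report.doc"),
    "vbs_with_text": build_sample("FW: minutes.txt", "As discussed.", "minutes.txt.vbs"),
}

def scan_samples() -> dict:
    """Run the check over every constructed sample and return name -> verdict."""
    return {label: matches_newlove_pattern(raw) for label, raw in SAMPLES.items()}

if __name__ == "__main__":
    for label, hit in scan_samples().items():
        print(f"{label:15} {'QUARANTINE' if hit else 'pass'}")
```

The check keys only on the naming pattern and empty body described in the alert, so it is a heuristic to run alongside attachment-type blocking and antivirus signatures, not a replacement for them.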
Reactions
By Unknown, Fri 19 May 2000 22:22
Hmmm... It seems 2 b a good way of freeing up hard disk space...
By Unknown, Sat 20 May 2000 04:49
Oooops, sorry.......
By Unknown, Tue 23 May 2000 00:02
Strange, when I was scanning my computer for viruses, it found newlove, a htm file in the temporary internet files was infected. It was a site that explained how the "i love you" virus works.

Norton deleted the file, and everything on my computer is working. STRANGE.

TheScape
