Feeds

Deadlier Love Bug variant spotted in wild

Massive outbreak of Outlook patch downloading to ensue...

  • alert
  • submit to reddit

High performance access to file storage

A more dangerous and difficult to track variant of the Love Bug is on the loose. Like Love Bug it uses Microsoft Outlook to propagate, but it's more destructive, and has the ability to vary the headers on infected messages - so unlike the Love Bug, it can't be tracked simply by scanning incoming headers.

According to Symantec, VBS.LoveLetter.FWA chooses a recently opened file from the Start/Document folder of the Microsoft Start menu, and uses this as the header, preceded by a FW:. What the recipient actually gets is a Visual Basic script attachment of the same filename, and when opened this overwrites files and trashes the computer. It affects both local drives and networked ones the user has write privileges to.

Symantec is classing it as a category four alert, a dangerous threat type that is difficult to contain. Its recommendation as an initial defence is to scan for a subject line that contains "FW" alongside an attachment with a .vbs extension. So would all you bozos out there still scanning the body of messages with no attachments please stop it?

Trend Micro, which says it's already posted an updated pattern file for the virus, adds the interesting information that it adds lines of random code to itself as it goes, so it's getting bigger. Trend has spotted a whopper of 400k, and the increasing attachment size will make it more and more likely that infected machines will knock mail systems over. Trend has a different take on behaviour though - the company says it goes through all directories and replaces all files with ones that are zero bytes in length.

So are there two of them? We'll know soon enough... ®

Top three mobile application threats

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Ex–Apple CEO John Sculley: Ousting Steve Jobs 'was a mistake'
Twenty-nine years later, post-Pepsi exec has flat-forehead moment
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.