Deadlier Love Bug variant spotted in wild
Massive outbreak of Outlook patch downloading to ensue...
A more dangerous and difficult to track variant of the Love Bug is on the loose. Like Love Bug it uses Microsoft Outlook to propagate, but it's more destructive, and has the ability to vary the headers on infected messages - so unlike the Love Bug, it can't be tracked simply by scanning incoming headers.
According to Symantec, VBS.LoveLetter.FWA chooses a recently opened file from the Start/Document folder of the Microsoft Start menu, and uses this as the header, preceded by a FW:. What the recipient actually gets is a Visual Basic script attachment of the same filename, and when opened this overwrites files and trashes the computer. It affects both local drives and networked ones the user has write privileges to.
Symantec is classing it as a category four alert, a dangerous threat type that is difficult to contain. Its recommendation as an initial defence is to scan for a subject line that contains "FW" alongside an attachment with a .vbs extension. So would all you bozos out there still scanning the body of messages with no attachments please stop it?
Trend Micro, which says it's already posted an updated pattern file for the virus, adds the interesting information that it adds lines of random code to itself as it goes, so it's getting bigger. Trend has spotted a whopper of 400k, and the increasing attachment size will make it more and more likely that infected machines will knock mail systems over. Trend has a different take on behaviour though - the company says it goes through all directories and replaces all files with ones that are zero bytes in length.
So are there two of them? We'll know soon enough... ®
Sponsored: The Nuts and Bolts of Ransomware in 2016