McAfee said that 60 to 80 percent of its Fortune 100 clients were infected by the virus.
The infection first scans your PC's memory for passwords, which are sent back to the virus's creator. The infection then replicates itself to everyone in your Outlook address book. Finally, the infection corrupts files ending with .vbs, .vbe, .js, .css, .wsh, .sct, .hta, .jpg, .jpeg, .mp2, .mp3 by overwriting them with a copy of itself.
The swiftness with which the LoveLetter virus spread in May 2000 was a headache to system administrators scrambling to contain it, but its speed was actually a boon to investigators trying to track its source; it meant that the virus trail was still hot.
Wednesday, May 3, 2000: An electronic virus appears in computers in Asia and Europe. Among those hit are the European offices of Lucent Technologies, Credit Suisse, and the German subsidiary of Microsoft.
Thursday, May 4, 4:12 a.m.: The European offices of antivirus companies receive the first calls from clients who have been infected by the bug. By 5 a.m., researchers have begun to analyze the virus code for clues about how it works.
Initial analysis reveals that the virus is a Visual Basic code that comes as an e-mail attachment named LOVE-LETTER-FOR-YOU.TXT.vbs. Because Windows' default settings hide file extensions, many users do not see the .vbs on their screen. (VBS stands for Visual Basic Script, the most common language in which viruses are written.) When recipients click on the attachment, the virus uses Microsoft Outlook to send itself to everyone in the user's address book, then contacts one of four Web pages hosted on Sky Internet, an Internet service provider in the Philippines. From these pages, the virus downloads a Trojan horse named WIN-BUGSFIX.exe, which collects usernames and passwords stored on the user's system and sends them to an e-mail firstname.lastname@example.org the Philippines.
~~ TIP: Double click on My Computer, select Tools, Folder Options. Select the View tab and uncheck "Hide extensions for known file types."
7 a.m.: Antivirus vendors begin to distribute a definition for the virus to their clients, but it is already too late for companies on the U.S. East Coast, where love-starved workers are opening their e-mail.
1 p.m.: Amorous words are on everyone's lips as the virus spreads from mailbox to mailbox in the United States, including those at the Pentagon and the CIA. The FBI\'s National Infrastructure Protection Center (NIPC) launches an investigation to track down the distributor of the virus.
4 p.m.: The first LoveLetter variant appears, with "Very Funny Joke" replacing "I Love You" in the subject line.
6:40 p.m.: Antivirus companies begin posting definitions for LoveLetter to their Web sites for general users to download. By the end of the day, some 20 countries have reported infections.
Friday, May 5: Nine more variants of the virus appear, including the Mother's Day variant (timely, since Mother's Day is nine days away). It informs recipients that $326.92 has been charged to their credit card for a "mother's day diamond" order, and includes a note to see the attached invoice. When users click on the attachment, the virus destroys system files necessary for booting. Another variant comes disguised as a message from Symantec's tech support office. Click on the attachment, it says, and receive an I Love You update to your Norton antivirus software.
~~ TIP: In a virus crisis, DO NOT read update emails from friends. Only listen to your system admin or follow information on sites like Symantec.
Tuesday, May 9: Reports of virus infections begin to subside.
Wednesday, May 10: To date, 29 variants of the virus are reported, and first estimates place the number of infected machines at about half a million worldwide.
Thursday, May 18: Just as the outbreak begins to subside, NewLove appears, which seems to be a variant of LoveLetter but is much more destructive. A polymorphic worm, NewLove alters its code each time it moves to another machine, making detection difficult. The virus, which appears to have originated in Israel, overwrites any files on the hard disk that are not in use at the time of infection. While NewLove's reach does not match LoveLetter's--a bug in the program causes it to kill the host computer before it can spread itself through e-mail--it does destroy the hard drives on thousands of computers, mostly in the United States.
# 17:05 The Virus, Worm, and Trojan 411
Viruses, worms, and Trojans are malicious programs that can cause damage to your computer and information on your computer. They can also slow down the Internet, and they might even use your computer to spread themselves to your friends, family, co-workers, and the rest of the Web. The good news is that with an ounce of prevention and some good common sense, you are less likely to fall victim to these threats. Think of it as locking your front door to protect your entire family.
~ What is a virus?
Virus is computer code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or information.
Just as human viruses range in severity from Ebola to the 24-hour flu, computer viruses range from the mildly annoying to the downright destructive. The good news is that a true virus does not spread without human action to move it along, such as sharing a file or sending an e-mail.
~ What is a worm?
A worm, like a virus, is designed to copy itself from one computer to another, but it does so automatically by taking control of features on the computer that can transport files or information. Once you have a worm in your system it can travel alone. A great danger of worms is their ability to replicate in great volume. For example, a worm could send out copies of itself to everyone listed in your e-mail address book, and their computers would then do the same, causing a domino effect of heavy network traffic that would slow down business networks and the Internet as a whole. When new worms are unleashed, they spread very quickly, clogging networks and possibly making you wait twice as long for you (and everyone else) to view Web pages on the Internet.
Because worms do not need to travel via a "host" program or file, they can also tunnel into your system and allow somebody else to take control of your computer remotely. Recent examples of worms included the Sasser worm and the Blaster worm.
~ What is a Trojan?
Just as the mythological Trojan horse appeared to be a gift, but turned out to contain Greek soldiers who overtook the city of Troy, today's Trojans are computer programs that appear to be useful software, but instead they compromise your security and cause a lot of damage. A recent Trojan came in the form of an e-mail message that included attachments claiming to be Microsoft security updates, but turned out to be viruses that attempted to disable antivirus and firewall software.
Trojans spread when people are lured into opening a program because they think it comes from a legitimate source. To better protect users, Microsoft often sends out security bulletins by e-mail, but these bulletins will never contain attachments. We also publish all our security alerts on our Security Web site before we send notice of them to our customers.
Trojans can also be included in software that you download for free. Never download software from a source that you do not trust. Always download Microsoft updates and patches from Microsoft Windows Update or Microsoft Office Update.
~ How do worms and other viruses spread?
Many of the most dangerous viruses were primarily spread through e-mail attachments—the files that are sent along with an e-mail message. You can usually tell if your e-mail includes an attachment because you will see a paperclip icon that represents the attachment and includes its name. Photos, letters written in Microsoft Word, and even Excel spreadsheets are just some of the file types you might receive through e-mail each day. The virus is launched when you open the file attachment (usually by double-clicking the attachment icon).
Tip: Never open anything that is attached to an e-mail message unless you were expecting the attachment and you know the exact contents of that file. Always SAVE TO DISK.
If you receive an e-mail message with an attachment from someone you do not know, you should delete it immediately. Unfortunately, you are no longer safe opening attachments from people you do know. Viruses and worms have the ability to steal the information out of e-mail programs and send themselves to everyone listed in your address book. So, if you get e-mail from someone with a message you do not understand or a file you were not expecting, always contact the person and confirm the contents of the attachment before you open it.
~ How can I tell if I have a worm or other virus?
When you open and run an infected program, you might not know you have contracted a virus. Your computer may slow down, stop responding, or crash and restart every few minutes. Sometimes a virus will attack the files you need to start up a computer. In this case, you might press the power button and find yourself staring at a blank screen.
All of these symptoms are common signs that your computer has a virus—although they could also be caused by hardware or software problems that have nothing to do with having a virus.
Beware of messages warning you that you sent e-mail that contained a virus. This may mean that the virus has listed your e-mail address as the sender of tainted e-mail. This does not necessarily mean you have a virus. Some viruses have the ability to forge e-mail addresses.
Unless you have up-to-date antivirus software installed on your computer, there is no sure way to know if you have a virus or not. If you do not have current antivirus software or if you are interested in installing a different brand of antivirus software, visit our Security software downloads page.
~ Return to sender
Recent security threats have spread through e-mails disguised as familiar-looking returned mail error messages. The attached file appeared to be the text of a message you may have sent to the wrong address, but if you opened it you fell victim to the virus. No matter how authentic an e-mail appears to be, make sure you know the contents of the attachment before you open it.
# 27:32 Help protect against viruses, worms, and Trojans
Although viruses, worms, and Trojans have very different characteristics, there are main ways you can help protect yourself against all of them.
Step 1: Never open an e-mail attachment from a stranger.
Step 2: Never open an e-mail attachment from someone you know, unless you know exactly what the attachment is and you should save it to disk to be safe, then open it.
Step 3: Always keep your antivirus software up-to-date.
Step 4: Keep your Microsoft software current using their online resources.
# 29:27 Next week we will be covering the basics of Wireless access from those that submitted questions via our website.