Last Thursday, May 4th, thousands of computers around the world were struck by a new malicious email message that spread at an extremely high rate. The message, with the subject line "ILOVEYOU", traveled quietly through firewalls and went undetected by anti-virus programs; it was anything but love. Attached to the message is a VisualBasic Script that does the dirty work. Technically, the malicious email message is classified as a network worm, since it is a self-contained program that can replicate itself across the net.
Once Internet Explorer executes the attached script automatically, the worm replicates itself by sending one email message to each address stored in the Microsoft Outlook address book. It then creates several files on your hard disk and modifies the Windows registry to create a safe operating environment for itself. It also overwrites many files on the hard disk, most notably all MP3 and JPEG files. The virus also modifies the Internet Explorer start page to download a program to the system that will run during system boot. Lastly, it creates an mIRC script that enables the worm to replicate through IRC channels.
Are You At Risk?
All Windows-based computers are potential targets. If the Windows Scripting Host is installed, infection is almost certain once the attachment is opened, regardless of the email client used. Email clients include Microsoft Outlook, Outlook Express and other non-Microsoft email programs.
Users running Linux, Macintosh and other platforms are not at risk. The worm will, however, pass through these platforms to Windows systems undetected. It cannot infect these systems because it only targets computers with the Windows Scripting Host enabled, which is found only in Windows.
Detection & Prevention
If you get a message with the subject "ILOVEYOU", delete the message without opening it. Turn off the VisualBasic scripting capabilities in your browser and update your anti-virus program's virus definition data file. It is highly recommended to use one of these scanning programs to prevent future virus infections.
If you received the message and your PC was infected, delete the following files: MSKernel32.vbs in the Windows System directory, Win32DLL.vbs in the Windows directory, LOVE-LETTER-FOR-YOU.TXT.vbs in the Windows System directory, WinFAT32.EXE in the Internet download directory and, if you are using mIRC, script.ini in the mIRC directory.
Finally, you should inform the person you received the email from and all persons in your address book so they can take proper precautions.
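The file checks in the cleanup step above can be scripted so that a machine, or a disk mounted on a clean system, is checked the same way every time. The following Python is an added example, not part of the original article; the directory mapping passed to `find_artifacts` is an assumption about where the Windows, Windows System, Internet download and mIRC directories are on the volume being checked.

```python
import os
import tempfile

# File names and locations exactly as listed in the article's cleanup step.
ARTIFACTS = {
    "system":   ["MSKernel32.vbs", "LOVE-LETTER-FOR-YOU.TXT.vbs"],
    "windows":  ["Win32DLL.vbs"],
    "download": ["WinFAT32.EXE"],
    "mirc":     ["script.ini"],
}

def find_artifacts(dirs):
    """Return sorted paths of listed artifacts found under `dirs`.

    `dirs` maps the keys of ARTIFACTS to directories on the machine being
    checked (assumed layout, supplied by the caller). Names are compared
    case-insensitively because Windows file names are, and the volume may
    be mounted on a case-sensitive system. Missing directories are skipped.
    """
    hits = []
    for role, names in ARTIFACTS.items():
        folder = dirs.get(role)
        if not folder or not os.path.isdir(folder):
            continue
        wanted = {n.lower() for n in names}
        for entry in os.scandir(folder):
            if entry.is_file() and entry.name.lower() in wanted:
                hits.append(entry.path)
    return sorted(hits)

def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {r: os.path.join(root, r) for r in ("system", "windows", "mirc")}
        for d in dirs.values():
            os.mkdir(d)
        # Constructed sample files: two artifacts (one with altered case)
        # and one unrelated file that must not be reported.
        for role, name in [("system", "mskernel32.VBS"),
                           ("windows", "Win32DLL.vbs"),
                           ("windows", "notepad.exe")]:
            open(os.path.join(dirs[role], name), "w").close()
        return [os.path.relpath(p, root) for p in find_artifacts(dirs)]

if __name__ == "__main__":
    for path in demo():
        print("found:", path)
```

A hit is a file-name match only, so review each reported path before deleting it.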