« More Press Releases

May 4, 2000

PITTSBURGH—The CERT® Coordination Center (CERT/CC) at Carnegie Mellon University’s Software Engineering Institute (SEI) is fighting a new computer virus called the Love Letter virus.  As of 11:30 EDT this morning, the CERT/CC had received more than 120 reports of the virus, which affected 233,393 computers.

  “The reports are mounting fast,” says Kathy Fithen, manager of the  CERT/CC. “By 10:00, we had received 54 reports, and 94,365 computers had  been affected.”     

Users can get the virus through email, through Internet Relay Chat (IRC), and  through shared file systems. The presence of files named MSKernel32.vbs and  Win32DLL.vbs indicate infection.     

In infected email messages, the subject is “ILOVEYOU.” The body  of the message typically says, “kindly check the attached LOVELETTER coming  from me.” The attachment name is likely to be LOVE-LETTER-FOR-YOU.TXT.VBS.  For people who use Microsoft Outlook and a product called Windows Scripting  Host, simply previewing the message is enough to activate the virus. Thus advice  to avoid clicking on unsolicited email doesn’t help in this case, though  it does help users of email programs other than Outlook. In Internet Relay Chat  (IRC), a script is created during file infection. When a user logs into IRC  and connects to a channel, the virus sends a copy of itself to others on the  channel. In shared file systems, especially shared local area networks, everyone  who accesses an infected file gets the virus on their system.     

Current knowledge indicates that the virus works by setting the default homepage  in Internet Explorer to download a file that may be malicious. It reads the  user’s address book, sends copies of itself  through email to people  in that address book, and overwrites files on infected systems. The CERT/CC  will provide further technical details in an advisory, which will be published  later today.

    To get rid of the virus, users should get an update for their anti-virus software.  To help avoid getting the virus, they should disable active scripting in Internet  Explorer and their email program, and should avoid clicking on email attachments  and shared files. To prevent getting the virus through IRC, users should disable  automatic receiving of files (DCC is the file sharing mechanism for IRC).

    The CERT/CC continues to field reports and analyze the virus. More information,  including the forthcoming advisory, will be published on the CERT/CC web site  at http://www.cert.org/.

Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.