virus threat again not a hoax

Antrim, Northern Ire, United Kingdom(Zone 8b)

VBS.Lopez Vandal

Alias: LOVELETTER.CM@MM, JENNIFERLOPEZ.WORM, LOVELETTR.CN,
VBS_NAKEDBEACH.A, NAKEDBEACH.A
Threat Level: Medium
Type: Worm
Platforms: Windows 95/98/ME/NT/2000
Updated on: 4-June-2001

This is a variant of the LoveLetter with a dangerous payload added in the
form of the CIH virus in hexadecimal code which is converted to an executable
file by the VBScript and installed on the victim PC. The vandal arrives by
email as an attached file. It also destroys various multimedia, image and
script files it finds on the infected PC.
All versions of eSafe products already block this vandal!

Analysis
VBS.Lopez arrives in an email message with the following format:

Subject: Where are you?

Message body:

This is my pic in the beach!

Attached file: JENNIFERLOPEZ_NAKED.JPG.VBS

When the attached file is executed, it attempts to overwrite various files
on the system with its own code. It searches for files with the following
extensions: VBS, VBE, JS, JSE, CSS, WSH, SCT, HTA, JPG, JPEG. It appends
the file name and adds the VBS extension after the original extension and
then deletes the original files. This is similar to the LoveLetter vandal.
All eSafe products are protected against LoveLetter vandal and its
variants.
It then attempts to convert a version of the CIH virus which is encoded
inside the script into an executable file named CIH_14.EXE. The system
might get infected upon the next reboot. CIH is an extremely dangerous EXE
virus that can corrupt hard disc and CMOS data. All eSafe products are
protected against CIH virus.

eSafe Users
All eSafe products automatically block and remove this vandal as well as
CIH and LoveLetter that were also mentioned.




--------------------------------------------------------------------------------
For any eSafe related questions, please contact esafe.support@ealaddin.com
--------------------------------------------------------------------------------
This email is being sent by Aladdin Knowledge Systems Inc. (www.eAladdin.com)
--------------------------------------------------------------------------------
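A mail-gateway style check for the attachment naming trick described in the advisory above (a script extension hidden behind an image extension, as in JENNIFERLOPEZ_NAKED.JPG.VBS), added here as an example and not part of the original post or of any eSafe product. The function names, the decoy-extension set and the sample message are constructed for illustration; the script-extension set is taken from the advisory's list.

```python
import email
from email import policy
from email.message import EmailMessage

# Script types from the advisory's list that Windows will execute when opened.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsh", "sct", "hta"}
# Extensions a recipient reads as harmless content (assumed set for this example).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf", "mp3"}

def classify(filename):
    """Return 'double-extension', 'script', or None for an attachment name."""
    # Keep only the base name, whichever path separator the sender used.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so the real extension is what remains.
    name = name.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or parts[-1] not in SCRIPT_EXTS:
        return None
    # Padding such as "pic.jpg      .vbs" pushes the real extension out of view.
    if len(parts) >= 3 and parts[-2].strip() in DECOY_EXTS:
        return "double-extension"
    return "script"

def scan_message(raw_bytes):
    """List (filename, verdict) for every suspicious attachment in a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        verdict = classify(filename) if filename else None
        if verdict:
            findings.append((filename, verdict))
    return findings

def build_sample():
    """Constructed message in the advisory's format; attachments are inert placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Where are you?"
    msg.set_content("This is my pic in the beach!")
    msg.add_attachment(b"placeholder text, not a script", maintype="application",
                       subtype="octet-stream", filename="JENNIFERLOPEZ_NAKED.JPG.VBS")
    msg.add_attachment(b"placeholder bytes", maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict}: {name}")
```

The check looks only at the declared file name, so it complements content scanning and does not replace it.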
