The latest virus to attack the world’s PC base has a nasty sting in its tail — it tries to steal passwords from the user’s system.
The Loveletter virus has already crippled the UK parliament’s email system and caused damage across the US as well as infecting Australian and New Zealand company systems.
“The good news is it doesn’t overwrite .doc files. That would have been a disaster,” says Scientific Software and Systems’ director of software development Mike Elston. He says the virus, which overwrites 12 file types including MP3 and JPEG, is probably the most destructive yet.
“That reflects the use of email rather than them being particularly smart or clever — if they were clever they would have launched this on Valentine’s Day or something like that.”
The virus itself masks the password-stealing trojan — an executable file called win-bugsfix.exe, which then reportedly emails any RAS passwords or cached Windows passwords to an email account.
“It modifies Internet Explorer’s home page to create a link to the exe program.” Elston says it isn’t clear at this stage whether the user has to launch IE to activate this part of the virus or not.
“It’s safe to say if you don’t have IE on your machine you’re probably OK.”
Elston recommends users who have been infected change any passwords they have on the infected machine.
“The site it contacts has been taken down, so the immediate threat has been removed, but I would change them just to be on the safe side.”
UPDATE: PC users should also be aware that the virus is being forwarded under a new name. Experts say to be wary of any file with the extension .VBS, which you are not expecting to receive. It has already been sent out under the name Very Funny.VBS.