Love bug variant not as destructive

A new, more destructive variant of the "I Love You" worm surfaced Friday, but its bite hasn't quite lived up to its bark because the widespread e-mail infestation of its predecessor has not materialised.

"It looks like most people woke up early to this and warned just about everybody they knew," said Chris Christansen, an IDC analyst.

Still, Christiansen warned that the new Visual Basic Script worm, dubbed NewLove, was not to be taken lightly. NewLove attempted to catch its victims off-guard by changing the subject field of the e-mail it travels in and the name of the attached file at random by picking up a filename from a user's list of recently used files. If launched, the worm immediately e-mails itself through a Microsoft Outlook address book and proceeds to delete all accessible files on the local hard drive and in the company network.

According to David Banes at Symantec's Antivirus Research Centre (SARC), a variant known as VBS.NewLove.A mutates to avoid detection, changing size each time it is spread. Banes said users should not open any attachment with a .vbs file but delete it immediately.

Symantec was alerted to the new strain by one of their customers in Israel. VBS.NewLove.A is currently classified as a category four alert by the SARC Threat Severity Assessment standards, indicating that it is a dangerous threat type difficult to contain. It has only one more stop before it reaches the top of the scale, category five being the most severe.

The VBS virus is an Internet worm that uses Microsoft Outlook to spread itself as an attachment with the subject line "FW: [attached file name]" along with the attachment listed in the subject line. The virus randomly chooses a recently opened file from the Start/Document folder in the Microsoft Start menu and attaches it to the e-mail as a .vbs file.

Not without its criticism, the .VBS restrictive "patch" that Microsoft plans to release next week for Outlook would have adequate measures to prevent NewLove from spreading, said Chris Le Tocq, research director for Gartner, in San Jose, California.

He said the recent rush of worm and virus attacks proves how much the world depends on one homogenous platform, creating a breeding ground these malicious code bombardments need in order to be successful.

"I think that we're a technology society that's attempting to find its balance between programmability and security," Le Tocq said.

Until the Microsoft Outlook patch is available and installed, a user's best defense against these attacks is to disable Windows scripting host outright, analysts advised.

"Right now, when Joe teenager can kill your systems at a whim, I'd say on a business functionality balance, do it," Le Tocq said.

Join the newsletter!

Error: Please check your email address.

More about GartnerIDC AustraliaMicrosoftSymantec

Show Comments

Market Place

[]