'Love' Virus adds another 'Friend'

Just when you thought it was safe to turn on your computer, another worm is winding its way into the wild.

The new worm, called VBS/FriendMess.A@mm.worm, was spotted Monday by Norwegian data security vendor Norman Data Defense Systems. According to the firm, the FriendMess worm is based on similar principles as the "I Love You" virus but is written to act differently.

The worm is contained in an attachment with the file name "FRIEND_MESSAGE.TXT.vbs." If the attachment is opened, the worm kicks in and adds instructions to the Autoexec.bat file to delete all files in the Windows directory, the Windows System directory and the Windows Temp directory, Norman said. Users incur damage the next time the system is turned on.

The worm also e-mails itself to all addresses in an infected user's Microsoft Outlook address book - one of the same actions that the "I Love You" virus inflicted on its victims.

According to Norman, the worm's subject line reads: "FRIEND MESSAGE," with "A real friend send this message to you" written in the body field. It also displays a message box with the text: "If you receive this message remember forever: A precious friend in all the world like only you! So think that!"

Norman said FriendMess doesn't overwrite any files on the hard disk or download information from the Web, as the original incarnation of the "I Love You" virus did.

Alan Komet, business manager of security solutions at Computer Associates International, said the company currently labels the FriendMess worm as "low risk" for users because the code isn't replicating itself at this point. "It's not a red alert," but CA will continue to watch the new virus, Komet said.

But Eric Hemmendinger, an analyst at Aberdeen Group, said watching for a virus to happen isn't enough.

The "I Love You" virus hit multimedia files, and it's a matter of time before another one goes after Microsoft Office documents, which could cripple companies, Hemmendinger said. Antivirus vendors are reacting to viruses very quickly, once they have samples, he said. "But within that hour or two, a lot of people could be impacted by a fast-moving virus."

To help protect themselves against the FriendMess worm and the numerous variants of the "I Love You" virus that have emerged, Hemmendinger suggested that PC users turn off the Windows Scripting Host feature built into Microsoft Outlook and the Internet Explorer browser if they don't have a burning need for the scripting capability.

Join the newsletter!

Error: Please check your email address.

More about Aberdeen GroupCA TechnologiesMicrosoftNormanNorman Data Defense Systems

Show Comments

Market Place

[]