It can be destructive but apparently it's easy to stop it before it does that.
That and the files it deletes are mostly images and sounds. I believe it
needs to get the downloaded win-bugsfix.exe file and that server/source
is unreachable. It's bad as it represents another possble way to compromize
MS based systems that are ubiquious. To any other system or a tightend
MS one it's noise.
Well read up on it as it takes advantage of all the cute little widgets of IE5.0
namely instant messaging, Chat and Active-x controls. Once on the system
it uses the outlook/outlookexpress addressbook to send itself to friends
and contacts. so if it get to insystem in the average company within minutes
every one there has it and it will cascade.
If you don't have IE 5.0 or outlook (office87/98 or 2000) your safer. Even
when you install IE4.0/sp1 you can kill off some of the toys and make it
much harder to infect.
The problem is not so much crappy MS as its peoples affliction for
toys and not tools. That and W95/98 are very bad for security and
win2000 and NT run close if not set up right. W9x effectively has
no security and if the user is SHARING folders/files on the local net
and using a modem to access the internet that system makes a
fine proxy. If you admin uses some sense and takes advantage of
even w9x security and policy stuff you can be far more resistant to
much of the junk.
Allison
-----Original Message-----
From: Steve Robertson <steverob(a)hotoffice.com>
To: classiccmp(a)classiccmp.org <classiccmp(a)classiccmp.org>
Date: Thursday, May 04, 2000 4:24 PM
Subject: RE: Watch for "ILOVEYOU" loveletter.VBS bug
It's certainly spreading fast, I've already received three corrupt messages.
Two of them came from other list servers (not this one) that I belong to and one came from
a friend.
Fortunately, I don't think this one is too distructive...
Steve Robertson <steverob(a)hotoffice.com>
It's an email worm that takes advantage of MS
Active-x controls.
This is a wide spreading fast mover and packs a payload.
Locally several companies have reported it and it was only launched
less than a day ago.
WWW.f-secure.com has details.
Allison