| Information on the VBS/Loveletter Virus A new virus is circulating through e-mail and affecting many customers. If run, the virus could overwrite .jpg, .mp3, and other file types, and attempt to send a copy of itself to everyone in the recipient's address book. All major anti-virus vendors have updated signature files available that will detect and delete the virus. www.tartoos.com The e-mail containing the virus typically carries a subject line of "ILOVEYOU". Inside the mail is a short text message saying "Kindly check the attached LOVELETTER coming from me" and an attachment named LOVE-LETTER-FOR-YOU.txt.vbs. The attachment is the virus payload. It's important to note that the virus payload cannot run by itself. In order for it to run, the recipient must open the mail, launch the payload by double-clicking on it, and answer "yes" to a dialogue that warns of the dangers of running untrusted programs. Customers can avoid being affected by this virus by following standard best practices: www.tartoos.com * Never run an executable attachment, unless you fully understand its origin and purpose. * Always have a good-quality virus scanner * Always keep the virus scanner's signature files up to date. Two security updates to Outlook are available to help protect against malicious programs like worms and viruses: * A file attachment update is available for Outlook 97 , Outlook 98 and Outlook 2000 This update makes it more difficult to inadvertently launch attachments, by providing a more explicit warning dialogue, and preventing attached executables from being launched directly from e-mails. The update also is included as part of Office 2000 SR1. * A security update will soon be available for Outlook 98 * and Outlook 2000. This update will provide even greater protection than the file protection update. It prevents certain types of attached files from ever being opened or saved to disk, ensures that customers are alerted anytime a program attempts to send mail on their behalf, and changes the default Security Zone in which mail is processed. In addition, a tool is available for Exchange administrators that will let them strip attachments from all incoming mails. Information on this tool is available in Microsoft Knowledge Base article 224493. www.tartoos.com Copycat variants of the virus also have been reported. These new variants may have a different subject line or message body, but, like the original variant, their payload cannot execute unless the recipient chooses to launch it. Additional information is available at the following anti-virus vendors' web pages: * Computer Associates * McAfee Virus Scan * F-Secure * Symantec * Trend Micro |