-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----- Original Message ----- From: Petr_FPL Odehnal <fpl@grisoft.cz> To: <avg-cz@grisoft.cz> Sent: Monday, May 08, 2000 6:19 PM Subject: VBS/Iloveyou - prehled znamych variant > VBS/Iloveyou - prehled znamych variant > ====================================== > > Ale nejdriv jedna dobra zprava: > http://www.zdnet.co.uk/news/2000/18/ns-15233.html > > VBS/Iloveyou.B > -------------- > > Posila tento mail: > Predmet: > Susitikim shi vakara kavos puodukui... > Text mailu: > kindly check the attached LOVELETTER coming from me. > Pripojeny soubor: > Very Funny.vbs > > Via IRC posila soubor: > LOVE-LETTER-FOR-YOU.HTM > > > VBS/Iloveyou.C > -------------- > > Posila tento mail: > Predmet: > fwd: Joke > Body of mail is empty > Pripojeny soubor: > Very Funny.vbs > > Via IRC posila soubor: > Very Funny.HTM > > > VBS/Iloveyou.D > -------------- > > Posila tento mail: > Predmet: > How to protect yourself from the IL0VEY0U bug! > Text mailu: > Here's the easy way to fix the love virus. > Pripojeny soubor: > Virus-Protection-Instructions.vbs > > Via IRC posila soubor: > Virus-Protection-Page.HTM > > Na zacatku je doplnen komentar: > Barok writes fucked code. And he can't spell for crap, either > > > VBS/Iloveyou.E > -------------- > > Posila tento mail: > Predmet: > Important ! Read carefully !! > Text mailu: > Check the attached IMPORTANT coming from me ! > Pripojeny soubor: > Important.TXT.vbs > > Via IRC posila soubor: > Important.HTM > > Do adresare windows a system vydropne soubory: > ESKernel32.vbs, ES32DLL.vbs > > Komentare na zacatku souboru jsou: > rem brain -Important(vbe) <What da fuck ?!> > rem by: BrainStorm / @ElectronicSouls > > Komentare v tom co vklada do SCRIPT.INI souboru mIRC jsou > zmeneny na: > ;BrainStorm > ;http://www.ElectronicSouls.8m.com > > > VBS/Iloveyou.F > -------------- > > Posila tento mail: > Predmet: > Yeah, Yeah another time to DEATH... > Text mailu: > This is the Killer for VBS.LOVE-LETTER.WORM. > Pripojeny soubor: > Vir-Killer.vbs > > Kod pro sireni pomoci IRC je odstranen. > > Komentare na zacatku souboru jsou: > rem Und noch so ein haessliches Ding > rem Construction with The Orginal Letter.A Vir > rem by Lucky2000 > rem > rem Hello all,,,Yes our PC are Infected... > > Start page Exploreru nastavi na jedno z techto URL: > http://www.yahoo.com/Vir-Killer.exe > http://www.msn.com/Vir-Killer.exe > http://www.Hotmail.com/Vir-Killer.exe > http://www.Aol.com/Vir-Killer.exe > > Zmena destrukcni akce: > Nenici soubory .js .jse .css .wsh .sct a .hta. > Misto souboru .jpg a .jpeg nici soubory .zip a .rar. > Misto souboru .mp3 a .mp2 vytvari skryte kopie souboru .asm a > .pas. > > > VBS/Iloveyou.G > -------------- > > Posila tento mail: > Predmet: > Mothers Day Order Confirmation > Text mailu: > We have proceeded to charge your credit card for the amount > of $326.92 for the mothers day diamond special. > We have attached a detailed invoice to this email. > Please print out the attachment and keep it in a safe place. > Thanks Again and Have a Happy Mothers Day! > mothersday@subdimension.com > Pripojeny soubor: > mothersday.vbs > > Via IRC posila soubor: > mothersday.HTM > > Komentare na zacatku souboru jsou: > rem hackers.com > rem by: hackers.com > > Start page Exploreru nastavi na jedno z techto URL: > http://www.hackers.com > http://www.l0pht.com > http://www.2600.com > http://www.hackers.com > > Zmena destrukcni akce: > Misto souboru .jpg a .jpeg nici soubory .bat and .ini. > > > VBS/Iloveyou.H > -------------- > > Posila tento mail: > Predmet: > Dangerous Virus Warning > Text mailu: > There is a dangerous virus circulating. > Please click attached picture to view it and learn to avoid it. > Pripojeny soubor: > virus_warning.jpg.vbs > > Posilani via IRC nefunguje, protoze si peclive vytvori soubor: > Urgent_virus_warning.htm > ale pokousi se odeslat: > _virus_warning.htm > > Komentare ze zacatku souboru jsou odstraneny. > > Start page Exploreru nastavi na: > http://skycable.tucows.com/files2/setup24.exe > > Zmena destrukcni akce: > Nici take soubory .wav .txt .gif .doc .htm .html a .xls. > > > VBS/Iloveyou.I > -------------- > > Mail ma nastavenu nejvyssi prioritu, jako odesilatel je uveden > support@symantec.com a mail dale obsahuje: > Predmet: > Virus ALERT!!! > Text mailu: > Dear Symantec customer, > Symantec's AntiVirus Research Center began receiving reports > regarding VBS.LoveLetter.A virus early morning on May 4, 2000 > GMT. > This worm appears to originate from the Asia Pacific region. > Distribution of the virus is widespread and hundreds of > thousands > of machines are reported infected. > The VBS.LoveLetter.A is an Internet worm that uses Microsoft > Outlook to e-mail itself as an attachment. > The subject line of the e-mail reads ILOVEYOU, with the > attachment > titled LOVE-LETTER-FOR-YOU.TXT.VBS. > Once the attachment is opened, the virus replicates and sends > an e-mail to all e-mail addresses listed in the address book. > The virus also spreads itself via Internet relay chat and > infects > files on local and remote drives including files with > extensions > vbs, vbe, js, sje, css, wsh, sct, hta, jpg, jpeg, mp3, mp2. > Users should exercise caution when opening e-mails with this > subject line, even if the e-mail is from someone they know, > as that is how the virus is spread. > Symantec Corp. today announced availability of the virus > definition > to detect, repair and protect users against the > VBS.LoveLetter.A virus. > This definition is available now via Symantec's LiveUpdate and > can > also be downloaded from the following web sites: > http://www.symantecstore.com/AF74211/promo/loveletter > http://www.digitalriver.com/symantec > Also as a quick solution Symantec Corp. offers Visual Basic > Script > to protect your PC against this worm. (See attached.) > Note! When executed, this script will protect Your PC from > being > INFECTED by VBS.LoveLetter.A virus. > To cure already infected PC's download Norton Antivirus Updates > mentioned above. > Symantec Corporation - > a world leader in internet security technology. > Pripojeny soubor: > protect.vbs > > Via IRC posila soubor: > protect.htm > > Komentare na zacatku souboru jsou: > rem rewritten by Ommenc / directly from HELL!!! / > <Fuck teachers, burn schools > > Start page Exploreru nastavi na: > http://3doc.dailypussy.com/gallery/bunny.html > > Taky zmeni Exploreru par dalsich polozek v registry: > Local Page: is set to copy of virus > Search page: http://astalavista.box.sk > Default_Page_URL: http://www.persiankitty.com > Default_Search_URL: http://www.thecrack.net > > A nastavi titulek okna na: > Mocro$oft Internet Exploder by Ommenc > > Zmena destrukcni akce: > Nici take soubory .bat a .com. > > > VBS/Iloveyou.J > -------------- > > Dukladne okomentovana verze puvodniho VBS/Iloveyou.A. Lise > se pouze prehlednejsim usporadanim zdrojoveho kodu a doplnenim > komentaru vysvetlujicich funkci jednotlivych casti viru. > > Uvodni komentar je doplnen o text: > Comments begining with ' added by The Hidden May 4 2000 > > > Detekce > ======= > > AVG s aktualizaci 145 je zatim pochyta vsechny, ale nepochybuji > o tom, ze se casem objevi nejaka dukladneji prepsana varianta. :-( > > ILOVEY_A.VBS Identifikovan > ILOVEY_B.VBS Nalezen > ILOVEY_C.VBS Nalezen > ILOVEY_D.VBS Nalezen > ILOVEY_E.VBS Nalezen > ILOVEY_F.VBS Nalezen > ILOVEY_G.VBS Podezreni > ILOVEY_H.VBS Podezreni > ILOVEY_I.VBS Nalezen > ILOVEY_J.VBS Nalezen > > > S pozdravem > > Petr_FPL Odehnal > > +------------------------------------------------------------------- > + > | Petr Odehnal Tel: +420-5-41243865 > | | Virus Researcher Fax: > | +420-5-41211432 | GRISOFT(c) SOFTWARE > | BBS: +420-5-41243858 | Lidicka 81, 602 00 Brno > | http://www.grisoft.cz | Czech Republic > | E-mail: fpl@grisoft.cz | > +------------------------------------------------------------------- > + > -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBORbzGULb+1JlVdBdEQJ/GwCg5UEOoaVoObh9wSsv3JS4PPJiQDYAniZ4 44wJZU4eW+d+SsOIvEM6Ceul =kt8N -----END PGP SIGNATURE-----
This archive was generated by hypermail 2.1.2 : 04. 09. 2001, 01:46 CEST