ILOVEYOU (VBS.LoveLetter.A) is a Melissa-like worm that spreads through email and infects certain files.
ILOVEYOU spreads through email. It arrives as an attachment to an email message from someone whose address book contains your email address. The subject line is “ILOVEYOU”, and the message is “kindly check the attached LOVELETTER coming from me.” The attachment is titled “LOVE-LETTER-FOR-YOU.TXT.vbs.” When you open (click on) the attachment, it automatically mails *itself to every address in your Microsoft Outlook address book. When executed, ILOVEYOU installs itself in your system and mails itself to all the addresses registered in your Microsoft Outlook address book. This can degrade your system performance and clog mail servers. A scan of the visual basic code included in the attachment reveals that the virus may be corrupting files ending with .vbs, .vbe, .js, .jse, css, .wsh, .sct, .hta, .jpg, .jpeg, .mp2 or . hard drives as well as mIRC (a version of Internet Relay Chat).
It also appears to reset the default start page for Internet Explorer. This update to Dr. Solomon or McAfee VirusScan will detect the new ILOVEYOU virus. This worm is a VBS program that is sent attached to an email with the subject ILOVEYOU. The mail contains the message “kindly check the attached LOVELETTER coming from me,” and the attachment is called LOVE-LETTER-FOR-YOU.TXT.vbs. If you open the attachment, the worm executes, sending a copy of itself to every address listed in your Microsoft Outlook address book. To use this file, copy the extra.dat file into the VirusScan installation folder and reboot the computer. Profile Virus Name VBS/Loveletter.a Aliases I-Worm.Loveletter, IRC/Loveletter, Loveletter, Troj/LoveLet-A, VBS.Loveletter.a Variants *Name Type Sub Type Differences VBS/Loveletter.b Virus VbScript Subject=”Susitikim shi vakara kavos puodukui…” VBS/Loveletter.c Virus VbScript Files sent are “Very Funny.vbs”,”Very Funny.HTM” Date Added 5/4/00 Virus Information Discovery Date: 5/4/00 Origin: Phillipines Length: 10,307 Type: Virus SubType: VbScript Risk Assessment: High-Outbreak * Minimum Dat: 4077 Minimum Engine: 4.0.35 Virus Characteristics This is a VBScript worm with virus qualities.
The Term Paper on Anti Virus Programs Email Spyware
State Educational Institution of Higher Education Finance and Economics Faculty Business Languages Department Abstract Executed by: Dmitry Kovalenko, group IE-81 Checked by: Natalya V. Iv leva, Tutor of BLD Krasnoyarsk 2010 CONTENTS TOC h z t "1; 1" What a virus is PAGEREF Toc 251026694 h 3 What a worm is PAGEREF Toc 251026695 h 3 Anti-virus programs PAGEREF Toc 251026696 h 4 What is a Trojan ...
This worm will arrive in an email message with this format: Subject “ILOVEYOU” Message “kindly check the attached LOVELETTER coming from me.” Attachment “LOVE-LETTER-FOR-YOU.TXT.vbs” If the user runs the attachment the worm runs using the Windows Scripting Host program. This is not normally present on Windows 9x or Windows NT unless Internet Explorer 5 is installed. When the worm is first run it drops copies of itself in the following places : WINDOWSSYSTEMMSKERNEL32.VBS WINDOWSWIN32DLL.VBS WINDOWSSYSTEMLOVE-LETTER-FOR-YOU.TXT.VBS It also adds the registry keys : HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun MSKernel32=WINDOWSSYSTEMMSKernel32.vbs HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices Win32DLL=WINDOWSWin32DLL.vbs in order to run the worm at system startup. This worm searches all drives connected to the host system and replaces the following files: *.JPG *.JPEG with copies of itself and it adds the extension .VBS to the original filename. So PICT.JPG would be replaced with PICT.JPG.VBS and this would contain the worm. The worm also overwrites the following files: *.VBS *.VBE *.JS *.JSE *.CSS *.WSH *.SCT *.HTA with copies of itself and renames the files to *.VBS.
This virus locates instances of the following file types: *.MP3 *.MP2 and if found, makes them hidden and copies itself as these filenames except with .VBS extension. For isntance, if file exists as “2PAC.MP3”, this now becomes a hidden file and the virus is copied as “2PAC.MP3.VBS”. The worm creates a file “LOVE-LETTER-FOR-YOU.HTM” which contains the worm and this is then sent to the IRC channels if the mIRC client is installed. This is accomplished by the worm replacing the file SCRIPT.INI. After a short delay the worm uses Microsoft Outlook to send copies of itself to all entries in the address book. The mails will be of the same format as the original mail. This worm also has another trick up it’s sleeve in that it tries to download and install an executable file called WIN-BUGSFIX.EXE from the Internet. This exe file is a password stealing program that will email any cached passwords to the mail address [email protected] In order to facilitate this download the worm sets the start-up page of Microsoft Internet *Explorer to point to the web-page containing the password stealing trojan. * *The email sent by this program is as follows : * *————-copy of email sent———– *From: [email protected]: [email protected] *Subject: Barok… email.passwords.sender.trojan *X-Mailer: Barok… email.passwords.sender.
The Essay on Hacking Yahoo Password Email Address
I have tried the method a least a dozen times and it has worked on all but 2 occasions, I don't know the reason why it failed a couple of times, but on every other occasion it has got me the password for the requested email address. This is how it is done: STEP 1- Log in to your own yahoo account. Note: Your account must be at least 30 days old for this to work. STEP 2- Once you have logged into ...
*trojan—by: spyder *Host: [machine name] *Username: [user name] *IP Address: [victim IP address] * *RAS Passwords:…[victim password info] *Cache Passwords:…[victim password info] *————-copy of email sent———– * *The password stealing trojan is also installed via the following registry key: * *HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunWIN-BUGSFIX * *to autorun at system startup. After it has been run the password stealing trojan copies *itself to WINDOWSSYSTEMWinFAT32.EXE and replaces the registry key with * *HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun *WinFAT32=WinFAT32.EXE * * *Symptoms *Existence of files mentioned above, replacement of files as mentioned above. Email propagation *as described above. IRC file distribution as mentioned above. * *Method Of Infection *This virus will run if Windows Scripting Host is installed. Running the email attachment *received either accidentally or intentionally will install to the local system, and also *to all available drives, send via email message as an attachment and also via IRC if installed. * *Detection and removal of three known variants available from the download links below. * *VirusScan 4.0.3+ *Toolkit 8 * * *Removal Instructions *Script,Batch,Macro and non memory-resident: *Use specified engine and DAT files for detection and removal. * *Note- It is very common for macro viruses to disable options within Office applications for *example in Word, the macro protection warning commonly is disabled. After cleaning macro *viruses, ensure that your previously set options are again enabled. * *PE,Trojan,Internet Worm and memory resident: *Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use an *emergency boot diskette and use the command line scanner such as “SCANPM C: /CLEAN /ALL”
The Term Paper on Computer Trojan Url Web
... access to files, private conversations, accounting data, etc. Password Sending Trojans The purpose of these trojans is ... Any accounting data (E-mail passwords, Dial-Up passwords, WebServices passwords, etc. ) - Email Addresses (Might be used for ... leaving the attacker alone with the victim's computer. There are so many other ... have placed some virus or infected macro documents on your machine to do ...
