|
|
|
|||
 |
 |
 |
 |
 |
|
|
|
 |
|
|
|
 |
|
|
|
 |
|
|
|
 |
|
|
|
 |
|
|
|
|
sponsored
by
|
|
|
 |
|
|
|
|
|
|
| Let
me be the first to extend a thank you to the clowns in the Philippines
who released the VBS.LoveLetter virus or worm. This may seem odd to
most. After all, LoveLetter wreaked a lot of havoc on networks across
the world. And almost as bad, forced us all to be bombarded with stories
by the over eager, sensationalistic "news" media clamoring
for trendy, pop, "tech" stories. However, I think that in
retrospect, LoveLetter was a good thing, acting as a harsh wake up
call to computer users to act responsibly and think before they act.
How could LoveLetter be good? Because it served as a lesson and as a precursor and ultimately a warning of things to come. As we all know, in the computer world, the future comes rapidly. In the case of the generation of worms like LoveLetter, the future came about a week later in the form of the VBS.NewLove worm.
So think back a few weeks and imagine the consequences of NewLove arriving before LoveLetter. What if LoveLetter overwrote all files instead of a select few? The damage would have been exponentially greater. Sure, after LoveLetter hit many systems were damaged and email servers ground to a halt. (And of course LoveLetter generated massive Internet traffic that undoubtedly created a performance hit to porn surfers worldwide, but that’s another story.) But at least in most cases, systems infected with LoveLetter could still be cleaned of the worm. If NewLove, or a similar worm had hit first, the only resolution to most infected systems would consist of 3 steps: RE-IN-STALL. As many are aware, having to completely reinstall a system is at best a very time-consuming task. Had NewLove spread to the extent of LoveLetter, the costs of recovery and lost productivity would have been astronomical. Why didn’t NewLove spread like LoveLetter? It certainly could have, considering that its delivery method was similar. Network and system administrators preach, no, beg users to not open unexpected attachments to emails, even if it comes from someone they know. In fact, many organizations have policies against doing so. I personally have explained, "You can’t get infected if you don’t open the attached file!" more times than I care to remember. Obviously, as evidenced by the rapid propagation of LoveLetter most people chose to disregard, didn’t understand, or weren’t properly educated about that simple idea. Well, after LoveLetter, I think computer users finally got the message. Because of LoveLetter and the press it received, computer users were extremely aware of the threat by the time NewLove came along. Early in the morning of the 18th, the news media was broadcasting the story of the new virus that was much like LoveLetter. Even 24-hour tabloid talk show/infomercial networks like FoxNews and MSNBC were refreshingly informative, featuring computer virus experts who advised people to simply not open any VBS attachment to email. Additionally, administrators on larger networks had blocked VBS attachments, and in some cases, all attachments, at the Internet gateways, thus protecting the entire local network from infection. Because of this level of awareness and preparation, NewLove and its devastating potential were in large part thwarted. So, again, thank you, LoveLetter, and to your creators, for the valuable swift kick in the ass. |
||
|
|
According
to Computer Associates, NewLove is not related to LoveLetter, but
is similar as it used the Outlook address book to find addressees
and used a similar visual basic script (VBS) to do its damage. NewLove
behaves like LoveLetter, but is much more devastating. While LoveLetter
overwrites, and thus destroys files of specific types, NewLove overwrites
ALL files not in use and as Symantec bluntly states on their website
"Since this worm overwrites all files regardless of extension,
proper removal can only be achieved by restoring the affected files
from known clean backups. The user may need to reinstall the operating
system as well since system files may have been destroyed."
Additionally, Symantec notes that NewLove chooses random subject
headers and creates new lines of random comments upon infection,
thus making it much harder to detect.
|
|
  |
|
|
|
|
 |
|
