Tuesday marks the tenth anniversary of the infamous LoveBug worm, the prolific malware strain that proved opening "flirty" emails from acquaintances seriously endangers internet hygiene. MessageLabs security team was the first to stop and name LoveBug, a mass-mailing worm later reckoned to have infected 45 million computer users …
I remember the day well...
... was working at the Law Society of England and Wales at the time.
After the panic had died down and the working day ended, a group of us spent the evening in the Law Soc bar with 4-page print-outs of the thing's .vbs code, discussing its workings.
People running from office to office, whipping out Ethernet cables, general panic and mayhem.
An interesting day for sure. :)
Yukk, it's green!
It should be viewed through rose-tinted spectacles, because whilst the new threats are much more serious I do recall this one being a major pain in the arse at the time. Didn't get caught out, but it was so widespread that that didn't seem to matter - everyone else you tried to communicate with was fubarred!
"..Crucially, a security shortcoming of the time means the final .vbs extenuation was hidden by default from Windows users.."
No, it's still there!!!!!!!
Of the time...?
"Crucially, a security shortcoming of the time means the final .vbs extenuation was hidden by default from Windows users, who were therefore easily duped into thinking the email contained only an innocuous txt file attachment."
I'm pretty sure that's a "feature" on even the newest Windows versions.
Even on the supposedly much more secure Windows 7, this is still the default.
Nope, the newest version of Windows (Windows 7, in case you hadn't heard) doesn't have this problem... because it doesn't come with any email client.
"Even on the supposedly much more secure Windows 7, this is still the default."
Erm, because MS software still sucks?
The problem was the double extension, not the fact that you can hide the extension (and that it is enabled by default).
Windows would use the first dot as the extension rather than the last dot, so it would use the .txt icon, not the .vbs. Try it and see! I have been using double extensions for a long time. In fact, create a default code-behind page in an asp.net website and see what the file is called.
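An added example, not part of the comment thread or the original article: a mail-gateway style check for the disguise discussed above, where a constructed name such as `invoice.txt.vbs` shows as `invoice.txt` once the final extension is hidden. The extension lists and function names are assumptions chosen for illustration, and the model simplifies by treating every final extension as a registered (and therefore hidden) type.

```python
import ntpath

# Assumed, partial list: extensions Windows runs or hands to a script host.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
                   ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".lnk"}
# Assumed list: extensions a recipient reads as harmless content.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".xls", ".mp3"}


def _normalise(filename):
    # Keep only the leaf name; Windows ignores trailing dots and spaces,
    # so "a.vbs. " still runs as a .vbs file.
    return ntpath.basename(filename).rstrip(". ")


def displayed_name(filename):
    """Name the user sees when the final extension is hidden."""
    base = _normalise(filename)
    stem, ext = ntpath.splitext(base)
    return stem if ext else base


def classify(filename):
    """Return 'allow', 'block: executable' or 'block: disguised'."""
    base = _normalise(filename)
    stem, real_ext = ntpath.splitext(base)       # the LAST dot decides the type
    shown_ext = ntpath.splitext(stem)[1].lower() # what the user thinks it is
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return "allow"
    if shown_ext in DECOY_EXTS:
        return "block: disguised"
    return "block: executable"


def scan(attachments):
    """Map each attachment name to (displayed name, verdict)."""
    return {name: (displayed_name(name), classify(name)) for name in attachments}


if __name__ == "__main__":
    # Constructed sample attachment names, not taken from any real message.
    samples = ["invoice.txt.vbs", "minutes.txt", "setup.vbs",
               r"C:\tmp\photo.JPG.ScR ", "backup.tar.gz"]
    for name, (shown, verdict) in scan(samples).items():
        print(f"{name!r:28} shown as {shown!r:18} -> {verdict}")
```
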
Does it still do it in Outlook?
(I'll bet it does)
How old do we all feel now? :(
"How old do we all feel now? :("
Old enough to know that MS haven't changed anything much in all those years. Their software is still a mess of security holes.
We feel even older, those of us who remember the AIDS Info Diskette from 1989...
Not sure it would have made much, if any, difference had it been visible.
Most of the users I know would look at that and go ".vbs? no idea what that means......I wonder what it does? <click>". Maybe less likely these days, the cattleprod-reinforced message is gradually getting through, but back then......!
Anyone who knows what a .vbs is should be the sort who treat unchecked, unsolicited email attachments as if they were UXBs anyway, regardless of what they're called.
I worked in a small office at the time. I sent an email to the 6 people there as well as warning them in person that this was going around and to delete it immediately.
Of course this didn't stop one idiot woman from opening it anyway.
I remember that, I was working in the DBA team and these mails came up...the mail team were ALL down the pub! "Can you come back, I think there's something funny going on?".
The best bit was that we couldn't use email to tell users to stop opening the mails! So 5 people were told to run around the whole office and tell users to stop using Outlook. The sight of people having to....*GASP*... pick up the phone and talk to other people!
John Leyden's incompetence strikes again
"MessageLabs security team was the first to stop and name LoveBug" - no, they weren't:
"Crucially, a security shortcoming of the time means the final .vbs extenuation was hidden by default from Windows users" - of the time?! Well, the time is now, 'coz it's still there.
"The worm used infection routines written in VBScripts" - VBScript, not "VBScripts".
And where might a sentimental mind get a copy of the source from these days? I reckon it could look better than that green blob that someone rendered out of it.
ten years ago
I picked up a love-bug type of infection ten years ago. It's not something I'm proud of or want to remember though.