Broken-hearted email servers mark LoveBug anniversary Tuesday marks the tenth anniversary of the infamous LoveBug worm, the prolific malware strain that proved opening "flirty" emails from acquaintances seriously endangers internet hygiene. MessageLabs security team was the first to stop and name LoveBug, a mass-mailing worm later reckoned to have infected 45 million computer …
... was working at the Law Society of England and Wales at the time.
After the panic had died down and the working day ended a group of us spent the evening in the Law Soc bar with 4 page print-outs of the things .vbs code, discussing its workings.
People running from office to office, whipping out Ethernet cables, general panic and mayhem.
An interesting day for sure. :)
Yukk, it's green!
It should be viewed through rose tinted spectacles, because whilst the new threats are much more serious I do recall this one being a major pain in the arse at the time. Didn't get caught out, but it was so widespread that that didn't seem to matter - everyone else you tried to communicate with was fubarred !
"Crucially, a security shortcoming of the time means the final .vbs extenuation was hidden by default from Windows users, who were therefore easily duped into thinking the email contained only an innocuous txt file attachment."
I'm pretty sure that's a "feature" on even the newest windows versions
The problem was the double extension not the fact that you can hide the extension (and that it is enabled by default).
Windows would use the first dot at the extension rather than the last dot so it would use the .txt icon not the .vbs. Try it and see! I have been using double extensions for a long time, In fact create a default code behind page in a asp.net website and see what the file is called.
Not sure it would have made much, if any, difference had it been visible.
Most of the users I know would look at that and go ".vbs? no idea what that means......I wonder what it does? <click>". Maybe less likely these days, the cattleprod-reinforced message is gradually getting through, but back then......!
Anyone who knows what a .vbs is should be the sort who treat unchecked, unsolicited email attachments as if they were UXBs anyway, regardless of what they're called.
I remember that, I was working in DBA team and these mails came up...the mail team were ALL down the pub! "Can you come back, I think there's something funny going on?".
The best bit was that we couldn't use email to tell users to stop opening the mails! So 5 people were told to run around the whole office and tell users to stop using Outlook. The sight of people having to....*GASP*... pick up the phone and talk to other people!
"MessageLabs security team was the first to stop and name LoveBug" - no, they weren't:
http://www.f-secure.com/weblog/archives/00001946.html
"Crucially, a security shortcoming of the time means the final .vbs extenuation was hidden by default from Windows users" - of the time?! Well, the time is now, 'coz it's still there.
"The worm used infection routines written in VBScripts" - VBScript, not "VBScripts".
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
