PlanetCrap 6.0!
Front Page (ATOM) • Submission Bin (2) • ArchivesUsersLoginCreate Account
You are currently not logged in.
T O P I C
Love, Love Me Do, You Know ILOVEYOU
May 6th 2000, 09:38 CEST by Mugwum

The ILOVEYOU virus that's been getting such extraordinary media attention in the last two days or so has supposedly affected over 2.5 million computers in the States alone. Worldwide it has caused a lot of lost time and plenty of frustration. For those of you who don't know, the list of ailments it infects you with are as follows...



    It locates all .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .mp3 and .mp2 files, creates a copy of the virus with the same filename and a .vbs extension, then deletes the original.

    It trys to get Internet Explorer to go to one of 14 mirrors of a site based in the Phillapines, to which it supposedly transmits a bunch of details.

    It creates a registry entry that forces the virus to be executed every time you boot.

    Last, and most famously, it sends itself to everyone in your Address Book with a message titled "ILOVEYOU" or (more recently) "Fw: Joke".

My question is, does anyone actually use .vbs files for anything other than virii? I should give credit where credit's due, this train of thought came courtesy of The Tech Report, who made the exact same point. A little investigation of my hard-drive reveals only three .vbs files, and they're tutorial scripts for CRT, my Telnet application.

Incidentally, a sure-fire way to avoid being infected by ILOVEYOU is to set your file associations to open all .vbs files with Notepad primarily. That way all that will happen is that the source code of the virus will be displayed and it will be harmless to you.

This isn't an invitation to argue vehemently, as so many of the other threads here at PC seem to be. Instead I'm genuinely interested - how many of you have multiple .vbs files on your hard-drives, and what are they being used for?

C O M M E N T S
Home » Topic: Love, Love Me Do, You Know ILOVEYOU

|«« - Previous Page - Next Page - »»|
#1 by "Dethstryk"
2000-05-06 09:42:44
dethstryk@damagegaming.com http://www.damagegaming.com/
<quote>My question is, does anyone actually use .vbs files for anything other than virii?</quote>

In relation to sending .vbs files through email, I can pretty much say no. I don't see many .vbs files floating around in email attachments that are harmless, because basically .vbs is nice and easy for creating ugly virii.

Of course, there are some normal uses for .vbs files, but we only hear about the bad ones. Damn one-sided media.


--
Dethstryk
Damage Gaming
#2 by "Seth Krieg"
2000-05-06 09:45:42
sdk@rosenet.net http://www.unrealuniverse.com
I actually got the virus this afternoon, but by then I had already heard about it from a couple of people. I have 6 vbs files on my computer, I have no idea what they do. They're all located in C:\Windows\samples\WSH.

3y3 y4m n07 4 l33t h4x0r l1k3 r4dk4d1.


<I><B></B></I><I></I><I></I>
#3 by "RahvinTaka"
2000-05-06 09:51:59
donaldp@mad.scientist.com
<b>#2</b> "Seth Krieg" wrote...
<QUOTE>I actually got the virus this afternoon, but by then I had already heard about it from a couple of people. I have 6 vbs files on my computer, I have no idea what they do. They're all located in  
</QUOTE>

a lot of web dev groups use them in Australia (but then again this country is a haven for MS lovers). I also know a few people who use Window scripting host to automate/script applications that occasionally use it (apparently better debugger than javascript/python etc)

 btw C:\Windows\samples\WSH means you have windows scripting host installed

<QUOTE>3y3 y4m n07 4 l33t h4x0r l1k3 r4dk4d1. </QUOTE>
See your not a elite hacker like rad-dood ????<I><B></B></I><I></I><I></I>
#4 by "Mugwum"
2000-05-06 09:53:06
tom@eurogamer.net http://www.eurogamer.net
By the way, the source code to ILOVEYOU can be seen in its entirety at this address:

http://www.sans.org/y2k/050400-1100.htm
#5 by "Jafd"
2000-05-06 09:53:26
I have the same six .vbs files in my sample directory. Woot. I always wanted to belong.

It staggers me that all these people around the world indiscriminately open email attachments. I mean, WHAT the HELL are they thinking?? If I get an attachment in email it had better be something I asked for, or it better come with a pedigree.<I><B></B></I><I></I><I></I>
#6 by "Dethstryk"
2000-05-06 09:56:33
dethstryk@damagegaming.com http://www.damagegaming.com/
<b>#2</b> "Seth Krieg" wrote...
<QUOTE>I have 6 vbs files on my computer, I have no idea what they do. They're all located in C:\Windows\samples\WSH.</QUOTE>

I guess that makes them competely useless, and a minor annoyance that they are even there if they aren't being used. :)


--
Dethstryk
Damage Gaming
#7 by "Dethstryk"
2000-05-06 09:59:34
dethstryk@damagegaming.com http://www.damagegaming.com/
<b>#5</b> "Jafd" wrote...
<QUOTE>It staggers me that all these people around the world indiscriminately open email attachments. I mean, WHAT the HELL are they thinking?? If I get an attachment in email it had better be something I asked for, or it better come with a pedigree.</QUOTE>

Unfortunately everyone isn't at the intelligence level that PlanetCrap resides on, so of course the newbies are going to do whatever would seem the worst thing to do.

Hey, no offense to newbies. I love 'em all, because that's where we all were at one point.


--
Dethstryk
Damage Gaming
#8 by "RahvinTaka"
2000-05-06 10:00:31
donaldp@mad.scientist.com
<b>#5</b> "Jafd" wrote...
<QUOTE>It staggers me that all these people around the world indiscriminately open email attachments. I mean, WHAT the HELL are they thinking?? If I get an attachment in email it had better be something I asked for, or it better come with a pedigree.</QUOTE>

Most people who were hit bad were at the level of "What so you click on this Icon to bring up word ?". Thou I am surprised that CIA and other "secure" government agencies got hit .... goddam .... I can't even see why they allow Outlook on computers .... or even more to the point why they use windows in a supposedly secure environment<I><B></B></I><I></I><I></I>
#9 by "Seth Krieg"
2000-05-06 10:05:43
sdk@rosenet.net http://www.unrealuniverse.com
<b>#3</b> "RahvinTaka" wrote...
<QUOTE>
3y3 y4m n07 4 l33t h4x0r l1k3 r4dk4d1.
See your not a elite hacker like rad-dood ????</QUOTE>

Radkade1 - linux prophet who's posted here, maybe once or twice. :)<I><B></B></I><I></I><I></I>
#10 by "rubberpants"
2000-05-06 10:39:16
Perhaps people need to get aboard the cluetrain and not run attached files unless they know what thay're for.

Common people, does your mom usually send you a .vbs file in a piece of mail titled "ILOVEYOU"?

Use your f*#&ing head.
#11 by "Andy"
2000-05-06 11:09:28
andy@planetcrap.com
Damn, I was going to post something about this today!

My view of the whole thing is that we're about to see another fine example of the authorities solving the wrong problem. Why bother arresting the guy who wrote the virus? Why not go after Microsoft?

Prosecute the virus writer and you'll have another virus writer tomorrow. The problem is MS software being left wide open to abuse, and in a way that the average user (the most vulnerable) will have no concept of.

Sure, going after the virus writer could be a deterrent to other people trying the same thing, but it's like going after individual drug users instead of trying to get the dealers. The real problem isn't the virus writer, it's Microsoft adding a 'feature' that amounts to negligence.
#12 by "RahvinTaka"
2000-05-06 11:12:28
donaldp@mad.scientist.com
<b>#11</b> "Andy" wrote...
<QUOTE>Damn, I was going to post something about this today!

My view of the whole thing is that we're about to see another fine example of the authorities solving the wrong problem. Why bother arresting the guy who wrote the virus? Why not go after Microsoft?

Prosecute the virus writer and you'll have another virus writer tomorrow. The problem is MS software being left wide open to abuse, and in a way that the average user (the most vulnerable) will have no concept of.

Sure, going after the virus writer could be a deterrent to other people trying the same thing, but it's like going after individual drug users instead of trying to get the dealers. The real problem isn't the virus writer, it's Microsoft adding a 'feature' that amounts to negligence. </QUOTE>

here here !!<I><B></B></I><I></I><I></I>
#13 by "Mugwum"
2000-05-06 11:14:12
tom@eurogamer.net http://www.eurogamer.net
Heya Andy,

<quote>Damn, I was going to post something about this today!</quote>

Owned.

<quote>Why bother arresting the guy who wrote the virus? Why not go after Microsoft?</quote>

Exactly, all they have to do to make this impossible is to block script files like this from being sent out attached to emails. If Outlook had a little tab in its Security settings that let you specify which files you could open, it would have saved people time/trouble.
#14 by "Andy"
2000-05-06 11:17:30
andy@planetcrap.com
<a href="http://news.bbc.co.uk/hi/english/world/americas/newsid_738000/738127.stm">Happy news!</a> Ah, that's put me in a really good mood for today. :)
#15 by "Jafd"
2000-05-06 13:10:44
When this virus goes off doesn't it thrash the hard drive and choke up bandwidth with outgoing mail? How long does it take to do all that hookum that it does? Couldn't you just pull the plug?

Wait what am I saying. It runs in windows? Well, you know.

And i hear that it deleted files. They aren't like <i>really</i> deleted are they? I must confess I've never had much exposure to virii; come on, you get your files from reliable sources, you get your mail from people you expect to get mail from... aw hell they don't teach this stuff in school yet do they? Well they didn't teach it in mine, either, and I figured it out.

How insipid the sheople are. Any alien invader would have no trouble taking the planet if they were so inclined. <I><B></B></I><I></I><I></I>
#16 by "Andy"
2000-05-06 13:32:20
andy@planetcrap.com
<b>#15</b>, Jafd:
<QUOTE>
And i hear that it deleted files. They aren't like really deleted are they?
</QUOTE>
Yes.
<QUOTE>
come on, you get your files from reliable sources, you get your mail from people you expect to get mail from...
</QUOTE>
These virii send mail to people listed in someone's address book, so the people receiving them <b>are</b> receiving them from someone they know.
#17 by "Jafd"
2000-05-06 13:41:41
Can't they be <b>un</b>deleted? This is the year 2000 for pity's sake.

I think it is completely inane for someone to blindly open an attachment in an email without at least a semi-thorough description in the message body about what it is purported to be.

I think when I was about two years old I fell for the "here turn the crank on the side of this box; it'll be funny" schtick once. Once.<I><B></B></I><I></I><I></I>
#18 by "Jafd"
2000-05-06 14:04:41
I just heard the newsperson on the radio say, "be wary of any and all email and delete any you are unsure of."

ph34r |)4 MYT 3/\/\4||_<I><B></B></I><I></I><I></I>
#19 by "lechifre"
2000-05-06 15:40:37
user@casinoroyale.softnet.co.uk
You want to know how clever the average office computer user is? Our company got hit by the Lovebug. The IT dept. went bannas, and spent all morning wiping the whole factory of the virus, and warning everyone about the dangers etc....
That afternoon one of the secretaries opened up an e-mail titled "I love you" and ran the vbs attachment because it was from " someone she knew "!!!!!!!  The IT guys were crying late into the evening.

ONE of the effects of the virus was to clog up mail server bandwidth, and by doing this choke up the net. Does anyone else find it ironic that the thousands of e-mails warning people of the virus actually contribute to this bandwidth clogging?
#20 by "VeeSPIKE"
2000-05-06 15:48:17
appliedavoidanc@triton.net
<b>#5</b> "Jafd" wrote...
<QUOTE>It staggers me that all these people around the world indiscriminately open email attachments.</QUOTE>

I was under the impression that this virus acted like the bubbleboy virus; i.e. you did not have to open it directly. Outlook preview would do that for you. I might be wrong about that.

But you and I both know that the general publics memory is short, and the melissa scare was over a year ago. People forget what isn't right in front of them.

<b>#8</b> "RahvinTaka" wrote...
<QUOTE>Thou I am surprised that CIA and other "secure" government agencies got hit .... goddam .... I can't even see why they allow Outlook on computers .... or even more to the point why they use windows in a supposedly secure environment</QUOTE>

Why does that surprise you? They are still a government entity, that has clerical work that needs to be done, and that work is normally done by people hired off the street. They use WInblows because they almost have to here. Most people learn in the windows environment, and the CIA (and others) do not have the budget to re-train every user in a new system.

<b>#11</b> "Andy" wrote...
<QUOTE>Why bother arresting the guy who wrote the virus? Why not go after Microsoft?

Prosecute the virus writer and you'll have another virus writer tomorrow. The problem is MS software being left wide open to abuse, and in a way that the average user (the most vulnerable) will have no concept of. </QUOTE>

WHAT? That's like saying prosecute the bank for being robbed. Dumb. While MS should be resonsible for making sure their software  is as secure as possible, you cannot hold them accountable for the illegal action of somebody else.

<b>#11</b> "Andy" wrote...
<QUOTE>The real problem isn't the virus writer, it's Microsoft adding a 'feature' that amounts to negligence. </QUOTE>

The problem IS the virus writer. MS didn't stand over this guy with a gun to hi head and say "write a virus." He did it himself. He is the one that should be held responsible, he is the one who did the deed


<b>#15</b> "Jafd" wrote...
<QUOTE>And i hear that it deleted files. They aren't like really deleted are they? </QUOTE>
It replaces a whole list of media files with a copy of the virus, and then renames the files with the .vbs extension. If you have a file called mymom.jpg, it would delete that file and replace it with a copy of the virus file, and give it the filename mymom.jpg.vbs
 <I><B></B></I><I></I><I></I>
#21 by "Ryan Greene"
2000-05-06 15:48:23
At my last job they had outlook for email, and were using some kind of filtering software with it so that they could stop certain types  of things from going through the system (be it .jpg's anything with the word fuck in it, etc) Why can't the government get the same friggin tool? This is a company with something like 8000 users in the US, it's not that huge a system... WTF?!!!

On the other hand, getting a message with ILOVEYOU! as the title from a co-worker or friend, wouldn't you wonder (be suspicious) about that? In htis litigious day and age, that's the first piece of evidence in a sexual harrasment case (here in the US anyway.)
#22 by "Karl Palutke"
2000-05-06 15:52:29
palutkek@asme.org
Yep, same at our company.  Our exchange servers were shut down for most of Thursday morning.  Because of the way our company address book is set up, each person who opened the email sent <b>four copies</b> to <b>every single person in the company</b> (about 14000 total emails).

Of course we had the lectures from the IS people, and some sort of filter installed on the servers to detect and delete the .vbs files.  What do I have in my inbox first thing Friday morning?  Yep . . . four "Joke" emails from the company president.

<quote>Does anyone else find it ironic that the thousands of e-mails warning people of the virus actually contribute to this bandwidth clogging? </quote>

I'll bet they were insignificant compared to the actual virus-generated emails.
#23 by "Karl Palutke"
2000-05-06 15:54:36
palutkek@asme.org
<quote>Can't they be undeleted? This is the year 2000 for pity's sake. </quote>

They're overwritten, not deleted.  They're gone forever.  My roommate works with a web developer who lost MONTHS worth of graphic work because he didn't have backups.  I guess he learned an expensive lesson :)
#24 by "Andy"
2000-05-06 15:54:46
andy@planetcrap.com
<b>#20</b>, VeeSPIKE:
<QUOTE><QUOTE>
#11 "Andy" wrote...
Why bother arresting the guy who wrote the virus? Why not go after Microsoft?
</QUOTE>
WHAT? That's like saying prosecute the bank for being robbed.
</QUOTE>
It's like saying prosecute the bank for being robbed when the bank has been robbed half a dozen times in the last year and still insists on leaving the safe door wide open.
#25 by "Karl Palutke"
2000-05-06 16:04:51
palutkek@asme.org
<quote>It's like saying prosecute the bank for being robbed when the bank has been robbed half a dozen times in the last year and still insists on leaving the safe door wide open. </quote>

I don't think I'd prosecute the bank, but I wouldn't insure them, and there's no way I'd bank with them. . . as long as people are willing to put money in MS's bank the problems will continue (if not get worse).
#26 by "Mugwum"
2000-05-06 16:07:12
tom@eurogamer.net http://www.eurogamer.net
Heya VeeSPIKE,

<quote>I was under the impression that this virus acted like the bubbleboy virus; i.e. you did not have to open it directly. Outlook preview would do that for you. I might be wrong about that.</quote>

Arstechnica.com says the preview pane doesn't activate it, so I assume it's not like the bubbleboy virus.

Heya Andy, (add me to your ICQ list)

<quote>It's like saying prosecute the bank for being robbed when the bank has been robbed half a dozen times in the last year and still insists on leaving the safe door wide open.</quote>

Yep, and then arguing that a big sign on the door saying "no robbers allowed" is an adequate security methodology :)
#27 by "Jon Lauridsen"
2000-05-06 16:30:40
gaggle@traceroute.dk
One of my very not-so-l33t friends began lecturing me about how he had heard that this virus would even infect you just as you *checked* your mail! So he was all about how I should wait with the checking for about a week or so, so the dangers would have blown over...cuz, well thats what he had been told and heard on the news.
Even if a program were to execute scripts when it recived them, it sure as hell wouldn't help much to just wait heh. The medias are fireing off shit left and right it seems.
I've heard different stories so far about how it can infect, and..well I still don't really know yet for sure I guess, some say that with Outlook the script will launch even as you open the mail. Others, my self included, have the stand that no bad things can happen unless you actually execute the file. But that sure isn't what a lot of people out there thinks! There has been a major amount of miseduation imho in these matters. One thing is to dumb things down to the average user-Joe, but as far as I can tell, what some medias spews out just isn't true! A good example is the one Jafd mentions <I>(I just heard the newsperson on the radio say, "be wary of any and all email and delete any you are unsure of.")</I> What a fux0r?! is all I can utter to those kinds of "suggestions". Leave the techie news-flashes to someone who actually knows about computers.

Hm..I wonder if my first venture into the italic-mode works :)

Oh..and just to stay in topic heh, I have 26 vbs files on my computer...not including the virus that I'll be wanting check. Boy do I hope I don't accidently hit Open on it! Mebbe I should move it to another computer...and only look at it in a sealed vault. With a quick-format script laying around. :)
#28 by "PiRaMidA"
2000-05-06 16:33:21
piramida@usa.net
Firstly, Windows of course is not a secure OS. And, I would not be trying to defend it / say that it is somewhat secure. No.

But, this whole "virus" thing is being spread and does damage not because it's VBScript and not because it's on Windows. Human stupidity is the driving force of this and similar
"viruses". Windows is being used as a media only because it is widely popular, and because most newbies who don't know jack about computers use Windows. If linux would be the dominant OS, it would not be much harder to create a shell script which would rm -rf / and send itself out to the world (not necessarily in that order). As long as there are people who would run the attachment, no matter if it's clicking on the icon or running the file you get via ICQ or executing an attached script, such viruses would be scaring the masses. As for many organizations being hit by that virus, too bad for them. They should try to educate their employees a little bit, or force severe access restrictions on secretary's accounts. As long as people are unaware, suing MS or "virus" writer does serve zero purpose - there would always be some OS and there would always be some destructive-minded kid with above-average knowledge of computers. Long live Internet I guess :)
#29 by "MoodyAllen"
2000-05-06 16:58:25
moodyallen@subdimension.com
Perhaps PlanetCrap could report on the several "variants" that are floating around as well?  Last I heard (from <a href="http://www.arstechnica.com">Ars Technica</A>), there were at least 10 of the suckas out there, some of which that can potentially do <b>more</b> damage than the original ILOVEYOU version (ie the "joke" version).

Everyone recieves a chain-letter joke, so what's stopping folks from reading an attachment just to get a chuckle, then get hit with the virus?  Joke's on them....
#30 by "RahvinTaka"
2000-05-06 17:28:02
donaldp@mad.scientist.com
<b>#20</b> "VeeSPIKE" wrote...
Why does that surprise you? They are still a government entity, that has clerical work that needs to be done, and that work is normally done by people hired off the street. They use WInblows because they almost have to here. Most people learn in the windows environment, and the CIA (and others) do not have the budget to re-train every user in a new system.
</QUOTE>

I bet they have blown their budget today then .. they just cost themselves a fuckload of money ... more than it would cost to retrain staff as they are hired.


<QUOTE>
WHAT? That's like saying prosecute the bank for being robbed. Dumb. While MS should be resonsible for making sure their software is as secure as possible, you cannot hold them accountable for the illegal action of somebody else.
</QUOTE>

hell no .. it's like leaving a loaded gun in a plastic bed under your bed and then when some kid takes off the head with it going oops.

<QUOTE>
The problem IS the virus writer. MS didn't stand over this guy with a gun to hi head and say "write a virus." He did it himself. He is the one that should be held responsible, he is the one who did the deed
</QUOTE>

obviously by you r reasoning it is the drug user that is at fault and not the drug dealer (They were just opening doors ... you didn't have to actually take the drug if ya don't want ..) yer right !<I><B></B></I><I></I><I></I>
#31 by "G-Man"
2000-05-06 18:19:03
jonmars@earthlink.net http://www.shiftlock.org
Firstly I'm sure you are all aware that ILoveYou.txt.vbs is not a virus... it is a worm (and partly a trojan). And to be fair it isn't even a very good one. It is also not dangerous at all, except that it will flood a local network (and overwrite .jpgs). In 99.9% of the people affected, losing their .jpgs and .mp3s will be only a minor annoyance. The script is actually a variant of a few scripts that have been floating around irc for a while (MyPicture.jpg.vbs , etc), and I suspect that the worm was initally targeted at the irc crowd, because really only the irc-type crowd would have a lot of .mp3s and .jpgs. If this were really to be targeted at businesses the script would overwrite .doc or some such.

As for Microsoft being responsible for having a security hole in their products... that's just a crock of shit. This is like blaming TCP/IP or modem technology. Windows scripting host is a very useful (if currently underused) addition to Microsoft's operating systems. For years *nix systems have been able to script anything and everything with a variety of languages, while Windows users have been stuck with batch files. A lot of people use wsh for automating directory backups, installing 3rd party applications, gathering information about a given computer, etc. Perhaps MS should include an option to ignore certain file extensions in Outlook (but I believe they do this already). But really this could have easily been distributed as .lnk .pif or .exe.

I hate how something old becomes news when it happens to idiots.

 - [g.man]
#32 by "Steve Bauman"
2000-05-06 18:21:23
sbauman@adelphia.net http://homepages.together.net/~sbauman/
I got three e-mails with the virus attached (they targetted PR firms... how brilliant is that? People with big e-mail lists sending to journalists and business people with big e-mail lists...), and I run Outlook 2000.

For some unknown reason, my computer has associated VBScript files with my Xing MP3 player, because that was the icon on the attachment. Weird.

Anyway, you needed to specifically launch it to activate it. But one thing that was causing people to launch it (and variants) is that the authors got clever with the naming. If you have Windows set not to view file extensions (which it defaults to, and is probably better for newbies), you couldn't see the .vbs extension. And people could name the file like "joke.jpg.vbs" and all you would see is "joke.jpg" and think it was an image file (nevermind that you shouldn't have been able see the .jpg extension).

I happen to agree with some people that Microsoft really needs to get their shit together with Outlook. I like the program, but security holes like this are unaccptable. One thing to keep in mind is that they may not be the only one with these types of problems, but they're the biggest target with the most users, so their software will always be the ones getting attacked the most.
#33 by "Andy"
2000-05-06 18:34:13
andy@planetcrap.com
Oh good Lord, where to start...

<b>#31</b>, G-Man:
<QUOTE>
Firstly I'm sure you are all aware that ILoveYou.txt.vbs is not a virus... it is a worm (and partly a trojan).
</QUOTE>
So it's a virus then. Virus = program that duplicates itself.
<QUOTE>
And to be fair it isn't even a very good one.
</QUOTE>
It's the most damaging computer virus ever. So clearly it's a good one.
<QUOTE>
It is also not dangerous at all, except that it will flood a local network (and overwrite .jpgs).
</QUOTE>
It overwrites files with these extensions: js, jse, css, wsh, sct, jpg, jpeg, mp3, mp2
<QUOTE>
In 99.9% of the people affected, losing their .jpgs and .mp3s will be only a minor annoyance.
</QUOTE>
Didn't you just say that it only overwrites .jpgs?
<QUOTE>
The script is actually a variant of a few scripts that have been floating around irc for a while (MyPicture.jpg.vbs , etc), and I suspect that the worm was initally targeted at the irc crowd, because really only the irc-type crowd would have a lot of .mp3s and .jpgs.
</QUOTE>
That, and the fact that it looks for an mIRC .ini file and then alters it.
<QUOTE>
If this were really to be targeted at businesses the script would overwrite .doc or some such.
</QUOTE>
True.
<QUOTE>
As for Microsoft being responsible for having a security hole in their products... that's just a crock of shit.
</QUOTE>
Good well-reasoned argument.
<QUOTE>
But really this could have easily been distributed as .lnk .pif or .exe.
</QUOTE>
The fact that the virus author chose to use VB script shows that he thought doing it that way had the greatest chance of success. Considering that no other virus has ever achieved such widespread damage as this one, I'd suggest that he was right and therefore you are wrong.
<QUOTE>
I hate how something old becomes news when it happens to idiots.
</QUOTE>
It's not old, it only happened a few days ago. And not knowing much about computers does not mean you're an idiot, it means you have a life.
#34 by "VeeSPIKE"
2000-05-06 18:34:43
appliedavoidanc@triton.net
<b>#24</b> "Andy" wrote...
<QUOTE>It's like saying prosecute the bank for being robbed when the bank has been robbed half a dozen times in the last year and still insists on leaving the safe door wide open. </QUOTE>

And again, who is at fault, the bank, or the robber? You can argue all you want that the bank made it easy and therefore deserved it, but that doesn't hold water. The robber is the guy at fault. He is the one who made the decision to commit the act, and should be held responsible for it.

In the same way, VB scripts are tools. They are there for a purpose. It is not MS's fault that somebody chose to use that tool in manner that was not intended. Is Stanley at fault if I take a hammer out of my toolbox and crease my neighbor's brainpan with it? No, I am the one who is responsible for my own actions.

I wonder how much of this is just you guys wanting to see MS get it for whatever perceived injustices you think they have committed.
<I><B></B></I><I></I><I></I>
#35 by "None-1a"
2000-05-06 18:38:36
none1a@home.com
i find this hole thin fanny as hell, first off it's easy to close the hole in outlook that allows vbs files to be ran (it's as simple as clicking an option in the internet security section on internet options) MS should have turned this option on by defult since most sites don't use vbs in favor of javascript or CGI (mostly for compatability reasons). If it where turned on a lot more people wouldn't get hit by stuff like this, after all if you don't know better then running files sent to you via e-mail you also don't know how to change these options. There's also another way to prevent this, don't use outlook, endura or netscape mail (well as long as you can get netscape to stop crashing) work just as well and don't have vbs support.

Second about newbes being hit, my mom just bought her first computer a month ago and wasn't dumb enough to fall for this, in fact the all ov the interviews I've seen are quoted as saying 'it came from blomberg so I thought it was save'.

Also vbs scripts are a great way to distribute new software over a network, or doing things like scandisk or defrag with out having to be at the computer that doing it. In a home system there nearly useless.
#36 by "Andy"
2000-05-06 18:39:14
andy@planetcrap.com
FYI, it overwrites .vbs and .vbe files too.
#37 by "Andy"
2000-05-06 18:45:16
andy@planetcrap.com
<b>#34</b>, VeeSPIKE:
<QUOTE><QUOTE>
#24 "Andy" wrote...
It's like saying prosecute the bank for being robbed when the bank has been robbed half a dozen times in the last year and still insists on leaving the safe door wide open.
</QUOTE>
And again, who is at fault, the bank, or the robber? You can argue all you want that the bank made it easy and therefore deserved it, but that doesn't hold water. The robber is the guy at fault. He is the one who made the decision to commit the act, and should be held responsible for it.
</QUOTE>
No, the robber should be punished because he is the one who has committed the crime, but the bank should (and would) be held partly responsible due to negligence.
<QUOTE>
I wonder how much of this is just you guys wanting to see MS get it for whatever perceived injustices you think they have committed.
</QUOTE>
Speaking for myself, not at all. I've never had much of a problem with Microsoft. I recognise that they have done things wrong, but they're not things that fire me up. I'm becoming increasingly irritated by this obvious security flaw, though.
#38 by "PiRaMidA"
2000-05-06 18:47:18
piramida@usa.net http://www.agsm.net
<b>#31</b> "G-Man" wrote...
<QUOTE>Firstly I'm sure you are all aware that ILoveYou.txt.vbs is not a virus... it is a worm (and partly a trojan). And to be fair it isn't even a very good one. </QUOTE>

It is a worm which has some virial (however you spell that) properties :) By "replacing" some mutimedia files with it's copy  it kind of replicates itself and can be spawned again, if the user (supposedly with file extension display turned off) double clicks it. I can't recall a definition for a virus now, but I am pretty sure that self-replication and persistence were present there.

Otherwise, you are right, this definitely looks like an IRC bomb offspring, it even does that usual mIRC script editing to send itself out in .HTM (I did not test it, but I've seen McAffee's report on it)...

Oh, and by the way, I thought WSH is not being installed by default? Correct me if I'm wrong - and I should be, or this worm would not spread as far as making all major offline and online news...<I><B></B></I><I></I><I></I>
#39 by "Sgt Hulka"
2000-05-06 19:20:35
sgt_hulka@yahoo.com http://www.hulka.com
Why do all virus's or is it Virii, what's the plural for Virus, anyone? Bueller?  Anyway, why do they all have to be destructive in nature.  Are their positive virus's out there?  Is it all a media coverup?  They only tell us about the bad virus's, but what if there are positive ones.  Like a virus that gets onto your system, and will do a scandisk and automatically repair bad areas on your hard drive, or more importantly a virus that gives men clothing advice in a British accent at bootup like "Don't wear a Dark Blue Shirt with black pants, that's just cheeky".  Perhaps there is a virus like that, it's just the media doesn't tell us about it!  They don't want us to know about the positive uses of a virusususus!

- Sarge
#40 by "Sgt Hulka"
2000-05-06 19:21:51
sgt_hulka@yahoo.com http://www.hulka.com
Oh Damn it.  They're not Their.  I know better!  I make that mistake a lot.  I'm knot two gud with my own language, I should be shot.
#41 by "OnlyOne"
2000-05-06 21:01:20
onlyone@neteze.com http://www.sloppybits.com
<QUOTE>#34, VeeSPIKE:

#24 "Andy" wrote...
It's like saying prosecute the bank for being robbed when the bank has been robbed half a dozen times in the last year and still insists on leaving the safe door wide open.

And again, who is at fault, the bank, or the robber? You can argue all you want that the bank made it easy and therefore deserved it, but that doesn't hold water. The robber is the guy at fault. He is the one who made the decision to commit the act, and should be held responsible for it.</QUOTE>

I think what Andy's implying is not that Microsoft (our bank) should be charged with any criminal action, that in fact is reserved for the guy who writes the virus (our bank robber), but instead should be forced to look into and fix the security holes in the software (our safe door), if for no other reason, than because there are so many people who use windows, that by not 'plugging' the holes, MS customers (the majority of which are average-joe-enduser) are being left wide open to be preyed on again and again.

The solution is pretty easy, MS fixes the holes allowing these damn things to thrive, and less people will fall victim.

My 2 cents.

Oh yeah.  And dont smoke crack.
#42 by "RzE"
2000-05-06 21:05:51
rze@counter-strike.net http://csnation.counter-strike.net
All forms of ILOVEYOU and it's varients attack mp3s and jpgs, some even attack mpgs also.

Hmm.. Is some right-winged guy trying to crack down on porn and mp3s, or am I an idiot? Maybe both, but we'll never know!<I><B></B></I><I></I><I></I>
#43 by "Bad_CRC"
2000-05-06 21:13:45
<b>#11</b> "Andy" wrote...
<quote><b><i>Prosecute the virus writer and you'll have another virus writer tomorrow. The problem is MS software being left wide open to abuse, and in a way that the average user (the most vulnerable) will have no concept of. </i></b></quote>
 
Dead on, 100% agreeement here.  The press has continually treated these VB viruses as isolated incidents, they never acknowledge the HUGE security hole which is to blame.
 
 
I get angry when a few computer geeks sit around and say people who don't know that a "FOO.TXT" file from a friend is a virus are to blame.  These geeks even forgetting that Microsoft's own default settings hide the extension for known file types.  "oh, the icon is still different"  cmon...
 
I'd venture that better than 90% of computer users aren't geeks like us who could build a system from it's component parts blindfolded, and recognize the danger of a .vbs file as an executable  (I didn't know it was till a similar virus scare about 6 months ago, and I know more about computer shit than 99% of people I work with)
 
The facts are that users should be protected.   Any argument that these types of viruses are easily prevented through proper training and educated users should be immediately withdrawn when it's pointed out that Microsoft's own email was taken down by this virus.  If even they can't prevent it,  it's safe to say that most cant.
 
It should be very obvious, that a security hole so large that one person can take down the entire world and cause billions in lost productivity worldwide in about 12 hours is a MAJOR problem.
 
Microsoft has been aware of macro viruses since 1995, and have done little or nothing to prevent them.  Macro viruses are the most common variety of virus today, all depending on Microsoft's lack of security.
 
I work with these things every day.  I am the guy who gets called to deal with these types of things in my work area.   I see with my own eyes that 95% of people NEVER use these macros available in Microsoft office products, and almost no-one, even in geek circles like PC, uses VBS files.   Yet, about 90% of users (I've dealt with) have experienced a macro virus of some type.
 
The solution is simple.   Leave these options turned off by default,   make the act of enabling them something that takes effort, and could be accompanied by proper training for the 2-5% of people who actually use them.
 
Leaving these options disabled by default, and adding additional security to the Microsoft email programs would have prevented this worm,  it's very clear.   This could have been easily prevented, but Microsoft has not been held accountable for what amounts to the biggest security hole the world has ever seen.


Putting land mines in somebody's front yard, not alerting anyone to the danger, then telling their next of kin that they should have been using a metal detector after they are blown to pieces is very wrong.
 
People trust Microsoft to keep their machines safe and secure (for some stupid reason)  Microsoft has proven again and again that they are not worthy of this trust.
<I><B></B></I><I></I><I></I>
#44 by "Darkseid-[D!]"
2000-05-06 21:26:31
Darkseid@captured.com http://www.captured.com/boomstick
this is why PINE (or WinPine) is such a boon :)


why expose yourself to a risk

run a client which

a) doesnt support HTML
b) doesnt support execution of attachments
c) can parse a file
d) can be fed through a handy virus scanner...


Mind you, its a pain in the ass to use (like most *nix apps) command line everything. So Im lazy, I use Mailwarrior, does everyhing outlook can do (in mail terms) but doesnt have the gaping holes.

better yet, its a 500k .exe .. thats it, nothing more than that and it handles multiple accounts quite nicely thank you very much

Ds
#45 by "Valeyard"
2000-05-06 21:28:27
valeyard@ck3.net http://www.ck3.net
"Why bother arresting the guy who wrote the virus? Why not go after Microsoft?"

Here we go again.

Operating systems are VERY complicated pieces of software.  There will ALWAYS be a way for some creative asshole to exploit a security hole.

MS will continue to find security problems and they'll continue to plug the holes that CAN be plugged...but this won't ever stop.  The holes exist due to the nature of the OS and the inherent power and flexibility that are REQUIRED to make it more robust than a simple OS like DOS.

When you add the POWER to connect your computer to the world, you do so at the RISK of having the world connect to your computer.

.vbs files have a use, and a purpose.  This could just as easily have been an .exe file.  Either way, you still have to open the attachment.

Microsoft DOES need to continue to fix security problems, but in this case, there simply isn't much choice.

People need to be educated that there are now MORE executable file types than just .exe, .com and .bat.  And there's going to be more new ones each year.

Do you really want to get to the point where EVERY time you double-click on something you have to select what application is required to run it??  Because getting rid of file associations is the only real way to stop this.  So, do you want applications and attachements to open on a simple double-click or do you want to decrease productivity and waste time because someone else doesn't understand their computer?

The solution to this problem for outlook users was simple...create a rule that automatically deletes all incoming messages with the subject "ILOVEYOU".  This combined with a little common sense could have minimized the exposure of this virus.  You know why it spread like wildfire?  Because the average computer user is an idiot.

Thankfully this "Blame MS" holds no legal water.

Let's say you buy an apple from the supermarket that someone has injected with cyanide.  If your kid then eats it and dies, do you blame nature/god for not making the skin tough enough to prevent the needle from penetrating??  Can you blame the grocer for carrying it?  It's called sacrifice.  If you want to be able to eat it, then your teeth have to get through...which means other things can get through.

If you want your OS to be powerful and allow you to connect to the world, then the world can connect to you (to some degree).  If people haven't realized by now that the "bad" elements in the "real world" ALSO exist in the networked computer world...too damned bad.

-Valeyard
#46 by "Bad_CRC"
2000-05-06 21:30:24
<b>#42</b> "RzE" wrote...
<quote><b><i> All forms of ILOVEYOU and it's varients attack mp3s and jpgs, some even attack mpgs also.
 
Hmm.. Is some right-winged guy trying to crack down on porn and mp3s, or am I an idiot? Maybe both, but we'll never know!</i></b></quote>
 
I dunno about that, but I work in computer graphics where the artists archive most of their output in jpeg format on a centralized server which is also available to the 30,000 other people in the place.   The virus wiped out 800 files on the server.  it's backed up every night, but a day's worth of work is gone

Since windows users normally see:

<b>Clientname324</b>
 
for the jpeg files in windows, and after the virus hits, they see
 
<b>Clientname324.jpg</b>   when they try to click on the image to see it, they just infected themselves.
 
Again due to Microsoft's RETARDED idea of hiding file extensions, most people never even saw the .vbs extension


my company uses outlook, 30,000 people without email most of the day
big IBM plant in same town uses "lotus notes"...  unaffected.
<I><B></B></I><I></I><I></I>
#47 by "Seth Krieg"
2000-05-06 21:39:56
sdk@rosenet.net http://www.unrealuniverse.com
<b>#45</b> "Valeyard" wrote...
<QUOTE>"Why bother arresting the guy who wrote the virus? Why not go after Microsoft?"

Here we go again.

Operating systems are VERY complicated pieces of software. There will ALWAYS be a way for some creative asshole to exploit a security hole.

MS will continue to find security problems and they'll continue to plug the holes that CAN be plugged...but this won't ever stop. The holes exist due to the nature of the OS and the inherent power and flexibility that are REQUIRED to make it more robust than a simple OS like DOS.

When you add the POWER to connect your computer to the world, you do so at the RISK of having the world connect to your computer.

.vbs files have a use, and a purpose. This could just as easily have been an .exe file. Either way, you still have to open the attachment.

Microsoft DOES need to continue to fix security problems, but in this case, there simply isn't much choice.

People need to be educated that there are now MORE executable file types than just .exe, .com and .bat. And there's going to be more new ones each year.

Do you really want to get to the point where EVERY time you double-click on something you have to select what application is required to run it?? Because getting rid of file associations is the only real way to stop this. So, do you want applications and attachements to open on a simple double-click or do you want to decrease productivity and waste time because someone else doesn't understand their computer?

The solution to this problem for outlook users was simple...create a rule that automatically deletes all incoming messages with the subject "ILOVEYOU". This combined with a little common sense could have minimized the exposure of this virus. You know why it spread like wildfire? Because the average computer user is an idiot.

Thankfully this "Blame MS" holds no legal water.

Let's say you buy an apple from the supermarket that someone has injected with cyanide. If your kid then eats it and dies, do you blame nature/god for not making the skin tough enough to prevent the needle from penetrating?? Can you blame the grocer for carrying it? It's called sacrifice. If you want to be able to eat it, then your teeth have to get through...which means other things can get through.

If you want your OS to be powerful and allow you to connect to the world, then the world can connect to you (to some degree). If people haven't realized by now that the "bad" elements in the "real world" ALSO exist in the networked computer world...too damned bad.
 </QUOTE>

You've just very concisely shown why MS was prosecuted by the DoJ for running a Monopoly.<I><B></B></I><I></I><I></I>
#48 by "Valeyard"
2000-05-06 21:47:39
valeyard@ck3.net http://www.ck3.net
<b>#47</b> "Seth Krieg" wrote...
<QUOTE>You've just very concisely shown why MS was prosecuted by the DoJ for running a Monopoly.</QUOTE>

The only thing in my post that has anything to do with MS's monopoly problems is the underlying theme that in order to make an OS powerful and productive you have to make it robust.

Aside from that, nothing in the post has anything to do with why MS was prosecuted.  (Unless you want to count the other theme - that the general public and most users have NO clue what they're doing on a computer or what is required to make it "usable" - DOJ included)

The easier it is to use, the easier it is to abuse.  You simply can't have it both ways.
<I><B></B></I><I></I><I></I>
#49 by "VeeSPIKE"
2000-05-06 21:50:55
appliedavoidanc@triton.net
<b>#47</b> "Seth Krieg" wrote...
<QUOTE>You've just very concisely shown why MS was prosecuted by the DoJ for running a Monopoly.</QUOTE>

How did anything he said justify the Obstruction of Justice Department's anti-trust suit? Where is the anti-trust violation here?  <I><B></B></I><I></I><I></I>
#50 by "Bad_CRC"
2000-05-06 22:03:05
<b>#48</b> "Valeyard" wrote...
<quote><b><i> #47 "Seth Krieg" wrote...
 You've just very concisely shown why MS was prosecuted by the DoJ for running a Monopoly.
 
 The only thing in my post that has anything to do with MS's monopoly problems is the underlying theme that in order to make an OS powerful and productive you have to make it robust.
 
 Aside from that, nothing in the post has anything to do with why MS was prosecuted.  (Unless you want to count the other theme - that the general public and most users have NO clue what they're doing on a computer or what is required to make it "usable" - DOJ included)
 
 The easier it is to use, the easier it is to abuse.  You simply can't have it both ways.
 </i></b></quote>


Exactly how does making it "usable" mean that you need to leave giant security holes?  
 
Isn't MacOS usable? probably more "usable" than windows, and I haven't heard this kind of thing happening there...

Could you explain how leaving a security hole so large in your product that the entire world can be brought to a standstill by one guy in under 12 hours makes it "usable"?  
 
Could you explain how adding a feature (with no warning, and no choice) for all users which  serves no purpose for nearly all users other than making their systems extremely vulnerable to attack makes it more "usable"?
 
Can you tell me how many more times these types of attacks, which any 12 year old could cause, should be allowed to continue before Microsoft should be held accountable?  Wouldn't most companies fix a hole this big after the first attack?  there have been thousands of different viruses of this type in the past, and Microsoft is very aware of the problem, yet does nothing.
 
I'm very curious.
 
It is possible to have usability without completely ignoring security,  look at every other company besides Microsoft...

This whole <b>"Blame the victim"</b> mentality does not cut it.
 
oh, I get it, you meant it's more "usable" for people who want to attack it.<I><B></B></I><I></I><I></I>
C O M M E N T S
Home » Topic: Love, Love Me Do, You Know ILOVEYOU

|«« - Previous Page - Next Page - »»|
P O S T   A   C O M M E N T

You need to be logged in to post a comment here. If you don't have an account yet, you can create one here. Registration is free.
C R A P T A G S
Simple formatting: [b]bold[/b], [i]italic[/i], [u]underline[/u]
Web Links: [url=www.mans.de]Cool Site[/url], [url]www.mans.de[/url]
Email Links: [email=some@email.com]Email me[/email], [email]some@email.com[/email]
Simple formatting: Quoted text: [quote]Yadda yadda[/quote]
Front Page (ATOM) • Submission Bin (2) • ArchivesUsersLoginCreate Account
You are currently not logged in.
There are currently 0 people browsing this site. [Details]