LOVE-LETTER-FOR-YOU.TXT.vbs

So it has happened again. A short bit of malicious computer code has managed to replicate itself across an estimated 10 million Windows based computers around the globe. Damages are expected to exceed 10 billion dollars in lost time, data and productivity. Last time it was the Melissa virus, this time it is the “Love Bug” worm. So named for the e-mail headline “ILOVEYOU” used by the worm to spread itself to others, the e-mail contains an attachment called “LOVE-LETTER-FOR-YOU.TXT.vbs”, which is the worm itself. Anyone running Windows who launched this application was in for an unwelcome surprise, as they helped the worm replicate itself further.

The infection process is destructive, but not nearly as bad as it might have been: if any version of MS Outlook as in use, everyone in the address book is e-mailed a copy of the worm. Then several classes of files on all attached hard-drives, local or remote, are overwritten with a copy of the worm. A few other methods of replication are used, and finally Internet Explorer is configured to download an executable the next time it’s launched, or if it’s already been downloaded, the executable is set to run at the next reboot.

One might question why it is that Windows seems to be the most common target for these types of attacks, with 10 to 15 new viruses, worms and trojans seen a day for the platform. The one reason is surely that it’s smart to target the largest host base, but it’s also an unfortunate truth that Windows is a very easy host to infect. With many different macro and scripting languages available directly from the operating system and from within applications, it becomes trivial for anyone to be destructive if they choose.

While the Love Bug needed a human to directly launch it before it could do its damage, Melissa and many others are hidden in macros contained in Word or Excel documents. How many times have you just clicked “OK” to the warning about macros without looking to see what they actually did, or have you turned that warning off entirely? To make things even more convient, but less secure, Outlook can be configured to auto-launch Word or Excel when viewing an e-mail containing such documents.

As an analogy, think of a large society with most people living in straw huts, storing gasoline in open containers. They pass laws making it illegal to send packages of matches with messages asking the recipient to “strike as directed”, but there’s no way to trace shipments. Now, in your honest opinion, who’s most at fault: the people living amounst the accelerant, or the people who keep shipping matches, lighters and barbecue starters? Or, more directly, who’s likely to be the most harmed?

Perhaps an extreme view, but one worth considering the next time someone sends you something to run, view or edit on your computer, even someone you know. Turn off Script Hosting, ActiveX controls and document macros. Maybe even use a test computer disconnected from the Internet, or an emulated environment inside a virtual machine. After all, those living in straw huts should be careful of things which might catch fire.

Published in the Victoria Business Examiner.

Write a comment