Major corporations around the world - including TrainingZONE's parent company the Sift Group - have been hit by a new email virus this morning.
The virus is the lead story on all major news channels because of its potency and spead of spread. Companies large and small are suffering with crashed mail systems in particular. The latest report is that the whole UK parliamentary system has gone down.
The virus was launched in the Far East early this morning (UK time); at TrainingZONE, we received our first infected email at 09:30.
The virus is spread by a mail message with the subject line "ILOVEYOU". This email has no body text, but carries a file attachment, LOVE-LETTER-FOR-YOU.TXT.vbs, that triggers multiple mail messages to all the people listed in the user's address book.
Microsoft Outlook is particularly vulnerable but users of all mail programmes should treat any such message with extreme care.
DO NOT OPEN any such file attachments directly from the email in-tray.
Our technicians are working on fixes for our own systems, and this is the best advice we can offer at the present time (but, obviously we cannot guarantee full accuracy):
- Contact your network adminstrator to seek further company advice.
- When you open your email programme, change the display window setting to list the emails only; if at all possible do not allow messages to be previewed in the lower half of your email screen.
- When you download emails to your computer, don't open any of them. Look through the list for any email with the title 'ILOVEYOU' or similar. Be particularly wary if the sender is someone you know (i.e. you're likely to be in their address book). Delete these messages without previewing or opening them. TrainingZONE's technical team warned that the virus may be activated by Outlook's preview function. To delete mails without previewing them, select them with the RIGHT mouse button and then choose the "delete" option from the pop-up menu. (NB: selecting the item with the left mouse button automatically previews the mail message. Avoid doing this.)
- Empty you email programme's Trash folder to completely remove the emails.
- Next, go to the folder where your email programme stores attachments. Look at the full list of attachments for any with a title like 'LOVE-LETTER-FOR-YOU.TXT.vbs'. Do not open this attachment under any circumstances. Delete the attachment. Then empty your computer's Trash / Recycle Bin.
- Use your email programme's automatic filtering capabilities to set up a filter which transfers all emails with ILOVEYOU in the subject line direct to the Trash.
- Go to the website run by the virus protection software installed on your computer (e.g. Symantec, McAfee or similar) - check your anti-virus software - and monitor their site for a downloadable patch to kill this virus. All the anti-virus software companies are working overtime to produce a patch today, but their sites are under intense pressure.
If you do receive such mails, notify your network manager immediately. AccountingWEB's technical team warned that the virus may be activated by Outlook's preview function. To delete mails without previewing them, select them with the RIGHT mouse button and then choose the "delete" option from the pop-up menu. (NB: selecting the item with the left mouse button automatically previews the mail message. Avoid doing this.)
The "VBS.LoveLetter.A" virus was first reported on 4 May and classified by the Symantec Anti-Virus Research Centre as an email worm and file infector. It attacks systems files including: MSKernel32.vbs and Win32DLL.vbs in the Windows directory; WinFAT32.EXE and WIN-BUGSFIX.EXE in the Internet download directory; and script.ini in the mIRC directory.
At TrainingZONE, many staff have been affected by the virus. Since it was first detected, we have completely closed our email programmes to prevent the issue of any infected email. Due to partial closure of some computers, we are unable to maintain our usual flow of news and updates onto the site today. By this evening, we anticipate having full detection and eradication procedures in place across our entire network.