Not strictly a rumour or news but it seems the following virus is causing more hassle then the usual ones. I have therefore posted a link below to the relevant thread on the Computer/Internet Forum.

Don´t want any of you to fall foul of this one - particularly as so many PPRuNe members have MY email address in their address books!

WWW
http://www.pprune.org/ubb/NonCGI/Forum35/HTML/000254.html




[This message has been edited by Wee Weasley Welshman (edited 04 May 2000).]

Don't you want us to tell you we love you then WWW?

SID,

Unless you are covered in wool and have Velcro patches stuck to your @rse, youv'e got no chance with WWW - see profile for WWW.

I love you too XXXXXXXXXXX

With the greatest of respect WWW - BULL****!

This isn't a rumour - it's NEWS! And every news network in the world is carrying it on the front page.

And it can and has impacted the airline industry - ask Velvet Strokes.

Take this one Very Seriously people! I just lost more than 10 000 (yes, TEN THOUSAND) jpeg files.

DO NOT EVEN OPEN ANY E-MAIL WITH "ILOVEYOU" AS THE SUBJECT

-------
Feline
(I Sit, I Watch, but I sure as hell ain't Smilin')

Excuse my rant, but this is not the place to make fun of people like this. Many people on the forum, myself included, are greatly in-debted to WWW for his invaluable help especially to wanabees and in my opinion it is simply not fair to treat anyone in this way!

Here endeth the rant!

Kobuta,

WAKE UP!

Newswatcher posted the warning here on R&N @ 1035Z today.
Some winker closed it and transfered the topic to the Comp forum.
Aparently some moderators don't listen to the news.
This virus has effected millions of PCs within the first 12 hours today, it's more dangerous than Melissa.

DO NOT use your search engine to look for this virus, as this will open the email, use your eyes and look for " SUBJECT: (Fwd) Iloveyou
TRASH IT and then empty your trash bin immediately every day.
It will only be in mail rec'd in the last 24 hours.(4.5.00)

Feline is correct.

It's true. A friend works at an aluminum smelter located here, and they got nailed this AM. The early shift hadn't heard the newscasts, and someone opened an e-mail.

http://cnn.com/2000/TECH/computing/05/04/iloveyou.03/index.html
Read this and you will weep!

Norton Anti-Virus now has a LiveUpdate available to protect you from this virus. However, the TV news seems to think that a mutated version called 'Joke' or something is also on the loose.

I just hope that when they catch the b@stard who wrote this virus that they boil him alive in his own excrement!!

The mutant could show up in the subject line as
(Fwd) Joke
or similar. Treat it the same way as 'iloveyou'

Blackadder, I am the 'winker' who moved the thread to the Computer forum. Same place this one is going. It might be news but it isn't aviation.

I suggest you get a an Apple Mac as they don't suffer from these worm type viruses.

Just because something is 'News' doesn't automatically mean that it belongs on this forum. It's about time people realised that you don't open attachments unless you ordered them.

Mind you, because so many people are like sheep and follow the rest by buying 'MS Windows' based computers you can always expect this kind of problem to occur. Anything that uses Microsoft software is open to easy attack and is likely to give you grief at some time or another.

If you don't like MacOS then go for Linux.

------------------
Capt PPRuNe
The Professional Pilots RUmour NEtwork

Captain,

Some of us really do prefer the MS operating system to MAC ;) ;) ;)

But Capt. PPrune is dead right that you don't open anything that you were not expecting! In addition, it's always a good idea to set Word and Excel and any other MS Office application to give the option to enable or disable macros by default before opening documents.

Likewise any "ececutable" (.exe .com .vb-anything)files should never be run unless you are absolutely sure of the origin.

:mad: :mad: Remember that Pretty Park came with the apparent signature of somebody you knew (the virus extarted it from the address book of the sending computer, same as it extracted your email address from the same source!)

Kobuta - I had and have the greatest of respect for the moderators of these forums, and I was not attacking WWW - but I was questioning his risk assessment. Please don't construe that as a personal attack (and apologies if it was taken as such).
And I respectfully and humbly disagree that this is not of interest to the air transportation industry. It may not (directly) cause aircraft to drop out of the sky, but there are a lot of systems on which the industry depends (for example - rostering systems - which are not trivial) which may use e-mail which can cause a fair amount of chaos. This is Denial of Service (DoS). It may not be Mission Critical, but it can (and does) cause organisational chaos which ripples out and has all sorts of unanticipated effects.

And Capt PPRuNe - feeling smug because you're using an Apple Mac doesn't really help the situation - the fact remains that a lot of people do use Windows (whether they like it or not) and this is a serious problem, not only to the world as a whole, but to the airline industry too.

You're right - in many ways Windows sucks, but a "holier than thou" attitude doesn't help.

And plenty of people have been hit (myself included) even though they took reasonable precautions. I suspect that the really masty and scary bit about this virus is that it overwrites files that the poor unsuspecting users (and other applications on the computer) don't realise are infected.

------------------
Feline
(I Sit, I Watch, I Smile)


[This message has been edited by Feline (edited 05 May 2000).]

Captain PPRuNe
My friend works for a company that has
Corporate policy that purchases COE standard equipment/ software - so no choice about MAC, no matter how much in love with them u r.

She did not open any attachment, just tried to delete the mails she received, that activated the virus today. Yesterday received 15 mails and unfortunately, due to its nature this was sent to several hundred people on her global address list.

It attacked and destroyed .jpg files. These are graphics and were valuable and irreplaceable.

Please everyone most of the people who were affected were not tyros, and it got through a firewall, an active virus scanner (network and locally installed) etc. Little use saying 'you should do this or that', if neither of those worked and they didn't in this case, and in corporate life you often get attachments you didn't order. This mail came from apparently trusted souces, and people who would have received it from her assume it's okay.

The problem lies not in the attachment, but just in receiving the mail. No use blaming the victims, it is the offender who should be made to pay.

And anyone who thinks this doesn't affect them, please realise that the cost of this will be counted in millions. No-one yet knows the side effects and the consequences.

Next time, they may threaten to do worse and guess what - who would not pay to avoid vital and life saving systems being affected by a similar virus (piggy-backed on email). Remember a lot of these companies have installed systems which run your business and have email access to the airline industry. Who can guarantee that next time planes, air traffic and other airline related systems would not be brought to a halt, or hospitals, traffic signals etc.

It is really scary stuff chaps



[This message has been edited by ANGELONE (edited 05 May 2000).]

Dear Winker,
If you bothered to read the info about this virus you wouldn't be so damned arrogant. :mad:

This virus launches itself without opening the attachment.
Just opening the email launches it.

That is what is so dangerous about this one.

BTW, If Macs were so bloody good, why aren't we all using them!

[This message has been edited by blackadder (edited 05 May 2000).]

I am under the impression that hackers get a big kick out of the thought that thousands of people are being messed about by their creation. Perhaps this explains why they don't write viruses for Macs.

Hold on there boss. This is a computer/internet issues forum and the very place NEWS like this should be on wouldn't you say.

Problem is that this virus appears to have some mates INSIDE it, like "FUNNY JOKE".vbs and two more. Let em lose and everyone is in trouble. This forum could suffer too since its contributors have addresses on it.

BTW Mac has ONLY 5-9% of the total computer sales so Microsoft is BOUND to be number ONE.
It then follows that Mac puters are the lucky ones - but for how long? Some brainless hacker might decide that Mac is next, then the MS guys will be smug as hell!

Anyway, giving due warning, and other help to colleagues on this forum is what makes it tick. This virus is very real and very very dangerous!

Here is an extract from ZDnet telling how to disable the Windows Scripting tool which allows E-Mail Viruses to work on your PC.

Blame Bill Gates
Linux and Mac users are happily immune to the ill effects of ILOVEYOU, which depends upon the Windows Scripting Host to get launched once it's triggered on the user's computer.

And that's where Microsoft needs to belly up to the table.

It's been more than a year since ExplorZip should have sent a wake-up call to Microsoft about the dangers of Visual Basic scripts running in e-mail.

The silence from Redmond has been deafening.

Microsoft has always been about features, features, features. But in its mad rush to throw everything into its products but the kitchen sink, the company has given security criminally short shrift.

At this point, the user community should say the heck with it and follow this six-click recipe for sanity.

Settings.

Control Panel

Add/Remove programs

Windows setup

Accessories

Unclick Windows scripting host

Really obvious. Something your cousin Moe from Saskatchewan is surely going to know right off the bat.

Yeah, right.

I don't think it's too much to ask Microsoft to make sure your e-mail won't get maliciously manipulated by some cyberschmuck.

More updates were available from Norton A-V this morning (178Kb)
Update now!

Velvet Strokes,

"Dunnit" straight away! Any idea if we lose any important facilities by doing that? Soulds a good way to stop Visual Basic "nasties", but is it going to stop my Excel macros working?

(I also instructed our "IT lad" to do the same for the rest of the company)

BlackAdder,

I always thought you had to run the attachments to get "hit" (although I know it could be possible to add some unpleasant HTML code to an email which would "hit" users with HTML enabled, but can't think how else you can getzapped just by reading the TEXT of an email - please enlighten!

Just in case, I turned off the "preview" on my Outlook Express last week (thanks to warnings on PRuNe beating the news services to it!)

I just hope that someone does not work out a way to send viruses via UBB code (shouldn't have said that!!!!)

Even if you disable Host Scripting (as described by Velvet Strokes above) it seems possible to run a Visual Basic Script file if wscript.exe is present on your system.
To make absolutely sure that you can't get infected or re-infected, do the following two things:

1) Search for wscript.exe using the "Find" function from the Start Menu (it should be in the Windows root folder). Rename it wscript.xex.
That way it won't run, but if you really need it at a later stage, you can simply rename it back to .exe and it will run.

2) Remove the file association between Visual Basic Script (.VBS) files and wscript.exe: Double Click on the "My Computer" icon, choose "View", "Options", "File Types" and scroll down to "Visual Basic". Click "Remove" to get rid of this file association.

I would STRONGLY recommend you take these two steps because there are now so many variants of the original LoveBug virus floating around that you could get caught at some time in the future when all the current fuss has died down. And some of the variants do even nastier things than the original.

This may come across as applying belt and braces after the horse has bolted, but I suspect that Visual Basic Scripts execute when selected (single click) and not when executed (double click). I base this on the observation that when I was trying to clear up my system and simply "select" some .jpg.vbs files to delete from Windows Explorer, the little bugger tried to execute (but I had renamed wscript.exe by this time, so windows just grumbled).

If this is the case (and I'm not about to waste yet more time trying to prove the point), then a lot of folk may be re-infecting their systems while trying to tidy it up using Windows Explorer.


------------------
Feline
(I Sit, I Watch, I Smile)

ExSimGuy,

I don't think that disabling Host Scripting will nobble Excel and Word Macros, because they are not Visual Basic Scripts, they are native to the applications (ie. Excel and Word interpret them without needing wscript.exe). Of course, if you include a Visual Basic Script within the macro then it would be a problem, but I suspect that most people don't aspire to that level of deviousness). (Mind you with some of the people that hang around these forums, that is of course a possibility, but my observation is that they tend to be devious - or deviant - in other ways). See too my previous post.

------------------
Feline
(I Sit, I Watch, I Smile)

ExSimGuy,
Mate, I'm buggered if I know how it launches itself,
I'm just going by the reports here and elsewhere on the Net.
Luckily, I have never setup MSMail or Netscape Mail.
I've been using Eudora Pro 3.05 since it was introduced, (in pref to Pro4.05)
When my only 'Loveletter' arrived, I dumped it without opening it, and poured a large G & T :)
Why chance it?