On Sat, May 13, 2000 at 04:23:43PM -0700, Arun Sharma typed:
> On Fri, May 12, 2000 at 10:09:08PM +0530, Govind Chandra wrote:
> > Are you suggesting that there is a version of this ILOVEYOU worm
> > which is capable of deleting files on a Linux machine? Some more
> > details will be greatly appreciated.
Here's an actual one floating around - from the Sensible Security Advisory
list.
--
Suresh Ramasubramanian | sureshr at staff.juno.com
Coincidences are spiritual puns.
-- G. K. Chesterton
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Sun, 7 May 2000 15:01:14 -0400
Subject: Sensible Security Advisory - (low) Unix/LoveLetter.A, (medium)
VBS.LoveLetter.K
Name: Unix/LoveLetter.A
Type: Worm
Platforms: Unix
Status: not known to be in the wild
Threat: low
The following has been derived from information obtained from Norman Data
Defense.
At this time, this variant has not been found in the wild, and is expected
to have a limited spread potential due to compatibility issues.
Virus Characteristics
=====================
UNIX/LoveLetter.A is a variant of the VBS/LoveLetter.A virus ported to the
UNIX environment.
The virus uses a so-called shell script which will email itself to all
addresses found in the files ".muttrc" and ".mailrc", as well as user
names picked from the local password file etc/passwd.
The virus uses the UNIX standard mail program mailx to do this.
The e-mail consists of the following:
Subject line: I LOVE YOU
Body text: (none)
Attachment name: Loveletter.sh
This virus is also started at every login, as the virus file name is
inserted into the Bourne Again Shell startup file ".bashrc".
Payload
=======
The payload for this variant is as destructive as the original
VBS.LoveLetter. The virus will attempt to delete all files with the
following extensions:
JPG, JPEG, MPG, GIF
The virus will not overwrite them as the original virus did.
===========================================================
-----------------------------------------------------------------------
For more information on the LIH mailing list see:
http://lists.linux-india.org/lists/LIH
