Loveletter Worm (fwd)

Luke Kenneth Casson Leighton lkcl at
Fri May 5 06:13:36 GMT 2000

<a href=" mailto:lkcl at" > Luke Kenneth Casson Leighton    </a>
<a href=""  > Samba and Network Development   </a>
<a href=""      > Samba Web site                  </a>
<a href=""        > Macmillan Technical Publishing  </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

---------- Forwarded message ----------
Date: Thu, 4 May 2000 13:10:48 -0400
From: Russ <Russ.Cooper at RC.ON.CA>
Subject: Loveletter Worm

Seems quite a few people have been hit with a new worm called Loveletter.

I received a number of copies from infected folks, as well as several other
warnings. I opened an infected message using Outlook 2000 with my customized
zone settings (basically, everything set to prompt) and was not prompted at
all (or warned in any way.) This, of course, on a system with no AV

This means, to me at least, that infection comes as a result of actually
clicking on the attached VBS (Visual Basic Script).

Of course its possible that other email clients might automatically invoke
the script, particularly I assume HTML-based packages.

I offer, once again, my two works on dealing with email and security;


Neither are intended to be a complete solution. You should contact your
support group and find out what, if anything, you need to do to ensure your
anti-virus programs are up-to-date. I know that Symantec, Datafellows, and
even NAI have updated definitions available for this latest wave.

Regardless of how much you might think someone is going to send you a love
letter, you should treat any anonymous email as you would a knock at your
door at 3:00am in the morning...

I was particularly disturbed at receiving infected messages from RSA
Security, Inc. and Xerox Corporation...oh how even the mighty can fall.

Russ - NTBugtraq Editor
"dot-age" (as in "we're in the dot-age") = senility (source Webster's)

More information about the samba-ntdom mailing list