CIS Help
Request Form

Lab Shakes Off Latest "Love Letter" Virus with Barely a Sniffle

While some other DOE labs and organizations shut down their email systems earlier this month to protect themselves from the "love letter" virus, here at Berkeley Lab our email service was uninterrupted and the effects of the virus were minimal. The preparedness and quick action of LBNL's computer security team, along with the security awareness of the entire Lab staff, allowed the Lab to conduct business as usual.

We were helped by the fact that the Microsoft Outlook email application, which this virus uses to propagate itself, is not widely used at the Lab, since our standard is Netscape Messenger. Nevertheless, when news of the "ILOVEYOU" virus arrived early Thursday morning (May 4), the security team immediately started working to update the virus wall on the Lab's email server, and a security alert was sent to all Lab email addresses warning everyone not to open the "love letter."

Before the virus block was in place, about 650 copies of the virus were received at 250 lbl.gov addresses. However, only four computers were actually infected by opening the email attachment, and only three copies of the virus were sent out from Lab computers. Computer Protection Program Manager Jim Rothfuss gives credit to the security awareness of Lab staff who minimized the damage by not opening the email attachment. The updated virus wall intercepted 300 more incoming copies of the "love letter" and prevented delivery.

Rothfuss warns that there are several new variants of the "ILOVEYOU" virus in circulation. One variant claims to include a joke, another claims to include an invoice for an expensive Mother's Day gift you bought. The most recent variant claims to be a fix for the virus from Symantec, the company that makes the Norton virus protection software. This one includes an attached file called "protect.vbs" which is just another version of the "ILOVEYOU" virus. The Lab has created a Web page with more information about the "ILOVEYOU" virus

There will probably be many variants of this virus over the next few weeks. We will not always have advance warning of them. To protect your computer, do not click on (open) any email file attachment with a file name that ends in ".vbs" ("vbs" stands for Visual Basic Script). But beware: On a default Windows system, the ".vbs" extension is not visible, and you may only see ".txt". To be really safe, never open an unknown email attachment.

For more information on computer security, or to report a security problem, go to http://www.lbl.gov/ICSD/Security.

Computerworld magazine recently published an interesting article on malicious software, including viruses, worms, Trojan horses and zombies. The article describes the different types of nasty applications and their plague-like spread over the past few years. Read the article.