Wow, there's a fun little VBScript virus making the rounds in record time. According to this CNN.com article, the thing was unheard of until late yesterday afternoon in Hong Kong, but personally I'm already hearing about a lot more infections than I ever did with Melissa.
Short version: If you get an e-mail from somebody with the subject line "ILOVEYOU", don't open the #$@!'ing thing!!! If you do get infected, go to this site for a cleaner.
The virus operates in several different ways. First, it pulls the standard "e-mail myself to everyone in the address list" trick. Second, it writes some entries to the registry so it'll get executed every time the system is rebooted. It also reconfigures Internet Explorer to download a Trojan Horse program of some sort from one of four different locations on the web. According to the site that has the cleaner program, the Trojan opens your system up to other computers on the Internet.
Looking at the virus code, it also appears to infect the popular IRC client mIRC. It either creates or edits an .ini file that causes an infected user's computer to send the virus to everyone on an IRC channel whenever that user enters a channel. Nasty. If somebody on IRC tries to send you "LOVE-LETTER-FOR-YOU.HTM", don't accept it.
Meanwhile, Symantec's web site appears to be deader than a doornail at this point; talk about bad timing. If you're reading this and you're a Systems Administrator, don't rely on your anti-virus software to catch this one; the virus is too new to be recognized. Send warnings to your users now. If any machines get infected, download the cleaner program mentioned above; the chances of you cleaning this thing off by hand (and getting it all) are pretty slim.
On a more general note, here's a question for everybody out there: Does anybody in the real world use .VBS files for anything but viruses? Part of this is me being cynical, but I have another point behind it; if you changed the file associations on .VBS files to Notepad, it would break these things in a heartbeat. I'm just wondering if it'd break anything besides viruses. If you have any insight on this, click on the comment link and let me know.
Update: According to this instruction sheet for cleaning the virus (thanks to Slashdot for the link), for any file ending in one of these extensions: "vbs, vbe, js, jse, css, wsh, sct, hta, jpg, jpeg, mp3, mp2" the virus will write a copy of itself to the same filename with a .vbs extension, then delete the original. Example: You have an MP3 on your hard drive called "My Song.mp3". The virus writes itself to "My Song.vbs" and then deletes "My Song.mp3". This then happens to every .mp3 file on your hard drive. Bad, bad things. This thing has the potential to be the Black Death of MP3 and pr0n collections.
It appears that the cleaner script referenced above does not clean up files created in this manner, giving rise to the possibility of reinfection. The instruction sheet referenced in the paragraph above gives instructions for cleaning them off, but it basically involves indiscriminately deleting every .vbs file on your hard drive. Hopefully an Undelete utility of some sort would be able to get back most of your JPEGs and MP3s in this case. Be very careful.
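The cleanup described above deletes every .vbs file indiscriminately. As an added example (not from the original post or from the cleaner's authors), this Python script compares a pre-infection file listing with the current one and picks out only the .vbs files that took the place of a targeted file; the listings, paths and function name are assumptions made for illustration.

```python
import ntpath

# Extensions the post's quoted instruction sheet lists as targeted.
TARGETED = {"vbs", "vbe", "js", "jse", "css", "wsh", "sct", "hta",
            "jpg", "jpeg", "mp3", "mp2"}


def find_replaced(before, after):
    """Compare a pre-infection file listing with the current one.

    Returns (replaced, inspect):
      replaced - (original, vbs_copy) pairs where the original is gone and a
                 same-name .vbs file now exists
      inspect  - .vbs files that existed before; a listing cannot show
                 whether their contents were overwritten
    """
    current = {p.lower(): p for p in after}  # Windows names are case-insensitive
    replaced, inspect = [], []
    for original in before:
        stem, ext = ntpath.splitext(original)
        ext = ext.lstrip(".").lower()
        if ext not in TARGETED:
            continue
        if ext == "vbs":
            if original.lower() in current:
                inspect.append(current[original.lower()])
            continue
        vbs_copy = current.get((stem + ".vbs").lower())
        if vbs_copy and original.lower() not in current:
            replaced.append((original, vbs_copy))
    return replaced, inspect


# Constructed sample listings (not from the post), e.g. a backup catalogue
# versus a fresh "dir /s /b" of the same drive.
BEFORE = [r"C:\Music\My Song.mp3", r"C:\Pics\cat.JPG",
          r"C:\Scripts\logon.vbs", r"C:\Docs\notes.txt", r"C:\Web\site.css"]
AFTER = [r"C:\Music\My Song.vbs", r"C:\Pics\cat.vbs",
         r"C:\Scripts\logon.vbs", r"C:\Docs\notes.txt", r"C:\Web\site.css",
         r"C:\Scripts\backup.vbs"]

if __name__ == "__main__":
    replaced, inspect = find_replaced(BEFORE, AFTER)
    for original, vbs_copy in replaced:
        print(f"replaced: {original} -> {vbs_copy}")
    for path in inspect:
        print(f"inspect contents: {path}")
```

The `replaced` pairs double as a list of originals to look for with an undelete utility, while the `inspect` entries need their contents checked before anything is deleted.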