How to protect yourself against the Love Bug

Archived Articles, Computer Security

Question: The real heart of the “I Love You” e-mail virus/worm problem that seems to be going largely undiscussed is e-mail client software that is script-enabled. Does the tiny amount of convenience it affords really outweigh the latent mayhem it enables? Why won’t Microsoft let Outlook users disable it? How are you going to protect the users who can’t stop themselves from clicking on attachments? Downloading the latest anti-virus definitions does nothing towards solving the real problem. –J.S.

Answer: The “I Love You” worm, the virus that wrought havoc on the Internet last week, used Windows scripting which, you’ll be pleased to hear, can be disabled. I explain how at the bottom of this column.

Windows scripting is an option that allows tasks to be automated in Windows 98 and Windows 2000. It will also run on Windows NT 4.0 with an option pack installed.

To recap, the worm, which is a virus that spreads across a network, was distributed as an e-mail attachment. It appeared with “I Love You” in the subject line and in the body of the e-mail was: “Kindly check the attached LOVELETTER coming from me.” Many of us love-starved humans opened the attachment called “LOVE-LETTER-FOR-YOU.TXT.vbs” although, if you check the name of the attachment, the .vbs may be hidden because that’s what identifies the file as a script, not the text file it’s presented as.

The virus used Windows scripting technology to destroy files and then e-mailed itself out to every address in the Windows address book. The virus was also spread via Internet Relay Chat between chatters who use the mIRC program.

The destructive part of the virus, called the payload, cannot run by itself. The recipient must open the mail, double-click on it (thereby launching the payload), and answer “yes” to a dialog box that warns of the dangers of running untrusted programs. Files that were overwritten by the virus include those with the extensions: vbs, vbe, js, sje, css, wsh, sct, hta, jpg, jpeg. Files ending in mp3 and mp2 were hidden. Copies were then infected with the malicious code.

The worm has since been adapted and there have been more than a dozen variants reported. So how can you protect yourself? That’s a tough one. If scripting had been turned off in advance, you would have stopped the virus from spreading when the attachment was opened. If not, no anti-virus program could have stopped the virus.

A virus signature (sometimes called a virus definition) that will recognize the malicious programming has to be written and then installed before the damage from any particular virus can be stopped.. When the “I Love You” virus was detected, anti-virus software makers quickly posted signature files to their websites, but by then the damage had been done.

Symantec Norton AntiVirus owners can download their signatures at http://www.symantec.com. McAfee Virus Scan software owners can download their signatures from http://www.mcafee.com. If you have another anti-virus program, most reputable vendors have posted protection from the Love Bug on their websites. Users who rely on free demo versions of an anti-virus software won’t be able to update their virus signatures. If you don’t have an anti-virus program, you can buy one from your local software retailer, or visit the TechnologyTips software library and search for anti-virus) for a wide variety of titles to pick from.

Meanwhile, here’s how to disable Windows scripting:

  1. Click Start > Settings > Control Panel > Add/Remove Programs.
  2. Then, click on the Windows Setup tab.
  3. Next, double-click on Accessories to get the details and, if Windows Scripting Host is checked, un-check it.
  4. Click OK.

It’s also worth noting that updates to Outlook 97, Outlook 98, and Outlook 2000 that make it more difficult to launch attachments inadvertently are available. For more information, see this article by Microsoft.

This is not the end of this kind of virus or worm. In fact, the problem is getting worse. The last virus of this kind was the relatively innocuous Melissa virus. The “I Love You” virus and its multiple variants had a malicious payload, and I fear that the next one will be worse.

What can the technology companies do? The answer is . . . not much. Microsoft has done what it can. So have the anti-virus companies. But the fundamental problem is that this virus was engineered to take advantage of our human curiosity. This means that the we, the humans driving the computers, have the primary responsibility for staying informed and taking reasonable precautions.