 |
|
 | technology > computing |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo}
( | |
 |
|
| |
| |
EDITIONS: | |
MULTIMEDIA: | |
E-MAIL: |
Subscribe to one of our news e-mail lists. Enter your address: |
DISCUSSION: |
CNN WEB SITES: |
 |
TIME INC. SITES: |
CNN NETWORKS: |
|
SITE INFO: |
WEB SERVICES: |
'Mother's Day' virus plays on heart strings but does more damage
(CNN) - As if it wasn't bad enough to give "love" a bad name, a new virus targets something even closer to our hearts: Mom.
Anti-virus company F-Secure Corporation is warning computer users Friday about a new variant of the "ILOVEYOU" virus, called "Mother's Day."
 | ALSO | |
|
| ||
 | MESSAGE BOARD | |
| ||
The new code is remarkably similar to the original, showing how easy it is to make slight changes and re-release the malicious file. But instead of targeting picture and music files, as the original does, "Mother's Day" goes after critical .INI and .BAT files, which are throughout a user's hard drive.
Without those files, most basic computer settings and simple scripts are gone. Most computers would fail to run at all.
The "Mother's Day" virus gets its name from its disguise. The e-mail has the subject line "Mothers Day Order Confirmation," and has this text in the body of the e-mail:
"We have proceeded to charge your credit card for the amount of $326.92 for the Mother's Day diamond special. We have attached a detailed invoice to this e-mail. Please print out the attachment and keep it in a safe place. Thanks Again and Have a Happy Mother's Day!"
Again, the e-mail contains an attachment called "Mothersday.vbs" that contains the virus. It also proliferates through the Microsoft Outlook address book. Researchers at F-Secure are still checking whether it also deletes .INI and .BAT files on networked resources.
Mikko Hypponen, manager of anti-virus research at F-Secure, predicted the copycats, partially due to the plain-text nature of the virus.
"It's trivial for anybody to understand how it works," Hypponen said to CNN.com. "To modify the virus is relatively easy, and to change what the e-mail says is trivial."
He also suggests that users uninstall "Windows Scripting Host," part of the Windows operating system. Hypponen has detailed instructions on how to do so on F-Secure's Web site. He notes that he has noticed no ill effects at all from uninstalling the feature, which assists users in building VisualBasic Scripts.
"If you uninstall it, these viruses won't affect you now or forever," Hypponen said.
This is actually the fifth recorded variant of the worm. The first was the original. The second was modified in Lithuania, and contains a subject line that states "Let's meet this evening for a cup of coffee" in Lithuanian. The third has a subject field of "fwd: Joke," and an attachment called "Very Funny.vbs". The fourth is almost identical to the original, with slight modifications, according to F-Secure.
Since all of them are so similar, the anti-virus update files released by major anti-virus software companies will detect and remove all the variants.
RELATED STORIES:
'Melissa' May Have Built a False Sense of Security
May 5, 2000
Facts about the computer love bug
May 4, 2000
Destructive 'ILOVEYOU' computer virus strikes worldwide
May 4, 2000
Viruses boom on the Net
January 18, 2000
RELATED SITES:
F-Secure Virus Info Center
Symantec Worldwide Homepage
Symantec AntiVirus Research Center
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.