Most Dangerous Variant of VBS/Loveletter Yet

[From Exchange Messaging Outlook, an occasional newsletter about Microsoft Exchange and Microsoft Outlook.] A new variant of the VBS/Loveletter virus is loose today. Officially dubbed VBS.NewLove.A or VBS.Loveletter.FW.A, this virus disables Windows systems by replacing all files not in use. Like Loveletter, it propagates through Microsoft Outlook, but only if an unwitting user runs the VBScript .vbs file payload. It uses randomly chosen attachment names and subject lines to try to disguise itself in the e-mail messages it sends. These pages from antivirus tool vendors have more information: Symantec's Web site
Trend Micro's Web siteAntivirus tool vendors should have updates available. You might also want to review the Outlook antivirus protection recommendations at Slipstick.com.

Outlook Email Security Update
Microsoft plans to release a patch for Outlook 98 and Outlook 2000 (with the Office Service Release 1 update) next week that will disable many of the features that allowed the VBS/Loveletter (aka ILOVEYOU) virus to spread so quickly. The new patch will make it impossible to open program files in Outlook--including executable .exe files and VBScript .vbs files like those that spread Loveletter.

The optional patch is also aimed at making it more difficult for a virus to use Outlook to transmit itself via email. However, this "Object Model Guard" feature, as described on Microsoft's Web pages, will break some Outlook functions. In other cases, a user will need to authorize access by outside programs, including tools for synchronizing with PDAs such as the Palm or Windows CE devices. Microsoft has posted extensive information on this patch for users, administrators, and developers, starting at its Office Update Web site. Slipstick.com's own page on the patch offers additional information and will include details on what utilities are affected by the patch.