Re: [Full-disclosure] RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You"



Symantec Antivirus detected and removed it as "VBS.LoveLetter.CI"

version 10.0.1.1000
engine 61.1.0.11
defs 2006/05/03 rev.18

----- Original Message -----
From: "Peter van den Houten" <petervdh@xxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Thursday, May 04, 2006 4:39 PM
Subject: [Full-disclosure] RE: Panda Antivirus Enterprise Secure, Norton Antivirus 2005 and the virus "I Love You"


My ISP caught it:
-----------------
The Orange virus filtering service discovered a virus or unauthorised code (e.g. spyware or trojan) in an email sent to you.

Message sender: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
Message recipient(s): petervdh@xxxxxxxxxx
Message subject: [Full-disclosure] RE: Panda Antivirus Enterprise Secure,
Message date: Thu, 4 May 2006 13:32:26 +0200 (CEST)
Message size: 8.84Kb

The e-mail contained this virus or unauthorized code:
>>> [VBS/LoveLetter-MM]

On 5/4/06, *Joxean Koret* <> wrote:

Sorry, the email was sent without the attachment.

---
Regards,
Joxean Koret

> Attached goes a working "I Love You" virus in which I
> changed ONLY the variable "dirsystem" with the name
> "kk2" (The file attached has the extension ".txt.gz",
> otherwise, with the .vbs extension the file will be
> locked by all the most popular anti-viral toolkits).

Disclaimer:
~~~~~~~~~~~

The information in this advisory and any of its
demonstrations is provided "as is" without any
warranty of any kind.

I am not liable for any direct or indirect damages
caused as a result of using the information or
demonstrations provided in any part of this
advisory.

----------------------------------------------------------------

Contact:
~~~~~~~~

Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



