My not-so-funny Valentine - News - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

My not-so-funny Valentine

By Robert Vamosi, 0
February 15, 2001
URL: http://www.zdnet.com.au/news/security/soa/My-not-so-funny-Valentine/0,130061744,120157126,00.htm

Valentine (Valentine.A) is a new worm that bears some similarity to the KAK worm which infected users throughout 2000.

Valentine will run whenever Windows is started, and spreads by attaching itself to every e-mail sent through Outlook. Valentine is a mass mailing worm that will attempt to send e-mail to every address listed in the Outlook address book. Valentine also changes Internet Explorer's default page to point to a Web site (now shut down) from which the worm can download a potentially destructive payload onto an infected computer. With the downloaded payload in place, Valentine will attempt to delete every file from the C:/ drive and rename every folder by adding the text happysanvalentine (for example, C:\Programs\MyDocuments\Excelhappysanvalentine) on the 8th, 14th, 23rd, or 29th day of any month. Even though the damaging component is no longer available, Valentine could still slow down e-mail servers.

How it spreads
Valentine.A arrives as an e-mail with the following:

Subject: blank
Body: anything
Attachment: none

Valentine spreads by imbedding itself to the HTML-format signature file of every outgoing Outlook e-mail and attempts to send itself to every address listed in the Outlook address book. Microsoft has issued a patch for the vulnerability in ActiveX that allows worms like Valentine to infect. Users should download the scriptlet.typelib/Eyedog patch, if they have not already done so.

Removal
At the moment, only Sophos and McAfee have posted updated signature files. Other anti-virus software vendors are expected to follow shortly.

Prevention

Here are the key steps for preventing Valentine from breaking your PC's heart:

Download Microsoft's Outlook Security Patch.
"Don't open attachments!" One way to prevent virus infections is not to open attachments, especially when viruses such as Valentine are being actively circulated. Even if the e-mail is from a known source, be careful. A few viruses take the mailing lists from an infected computer and send out new messages with its destructive payload attached. Always scan the attached files first for viruses. Unless it's a file or an image you are expecting, delete it.
Stay informed. Did you know that there are virus and security alerts almost every day? Keep up-to-date on breaking viruses and solutions.
Get protected. If you don't already have virus protection software on your machine, you should.
Scan your system regularly. If you're just loading anti-virus software for the first time, it's a good idea to let it scan your entire system. It's better to start with your PC clean and free of virus problems. Often the anti-virus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background while you are connected to the Internet. Make it a regular habit to scan for viruses.
Update your anti-virus software. Now that you have virus protection software installed, make sure it's up-to-date. Some anti-virus protection programs have a feature that will automatically link to the Internet and add new virus detection code whenever the software vendor discovers a new threat.