VBS/LoveLetter.B (aka VeryFunny, VBS.LoveLetter.C)
Subject Line: Very Funny.vbs
Attachment: fwd: Joke
HTML File: Very Funny.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg
Hidden files: mp3 mp2
MessageBody: none VBS/LoveLetter.C
(detected as VBS/LoveLetter.A, aka VBS.LoveLetter.B)
Subject Line: Susitikim shi vakara kavos puodukui...
Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
HTML File: LOVE-LETTER-FOR-YOU.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg
Hidden files: mp3 mp2
MessageBody: kindly check the attached LOVELETTER coming from me.
VBS/LoveLetter.D
Subject Line: Mothers Day Order Confirmation
Attachment: mothersday.vbs
HTML File: mothersday.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs
Download files: none
Overwritten Files: vbs vbe js jse css wsh sct hta ini bat
Hidden files: mp3 mp2
MessageBody: We have proceeded to charge your credit card for the amount of $326.92
for the mothers day diamond special.
We have attached a detailed invoice to this email. Please print out the attachment and
keep it in a safe place.Thanks Again and
Have a Happy Mothers Day! mothersday@subdimension.com
VBS/LoveLetter.E
Subject Line: Important ! Read carefully !!
Attachment: IMPORTANT.TXT.vbs
HTML File: LOVE-LETTER-FOR-YOU.HTM
Droped Files: ESKernel32.vbs ES32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg
Hide files: mp3 mp2
MessageBody: Check the attached IMPORTANT coming from me !
VBS/LoveLetter.F
Subject Line: Dangerous Virus Warning
Attachment: virus_warning.jpg.vbs
HTML File: Urgent_virus_warning.htm
Droped Files: MSKernel32.vbs Win32DLL.vbs
Download files: setup24.exe
Overwritten Files: js jse css wsh sct hta wav txt gif doc htm html xls jpg jpeg
Hidden files: mp3 mp2
MessageBody: There is a dangerous virus circulating. Please click attached picture
to view it and learn to avoid it.
VBS/LoveLetter.G
Subject Line: Virus ALERT!!!
Attachment: protect.vbs
HTML File: protect.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs
Download files: none Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg mp3
mp2 com bat
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg com bat
Hidden files: mp3 mp2
MessageBody: Appears as a letter from Symantec Customer Service.
VBS/LoveLetter.H
Subject Line: Bewerbung Kreolina
Attachment: BEWERBUNG.TXT.vbs
HTML File: BEWERBUNG.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg
Hide files: mp3 mp2
MessageBody: Sehr geehrte Damen und Herren!
Note: German, pretending to be a resume.
VBS/LoveLetter.I
Subject Line: Important ! Read carefully !!
Attachment: IMPORTANT.TXT.vbs
HTML File: LOVE-LETTER-FOR-YOU.HTM
Droped Files: ESKernel32.vbs ES32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg mp3 mp2
MessageBody: Check the attached IMPORTANT coming from me !
Note: Internal differences to the E variant in the code.
VBS/LoveLetter.J (aka VBS.LoveLetter.N)
Subject Line: LOOK!
Attachment: LOOK.vbs HTML
File: LOOK.HTM
Droped Files: MSUser32.vbs User32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe Overwritten Files: vbs vbe js jse css wsh sct hta
xls mdb lnk exe
Overwritten Files: vbs vbe js jse css wsh sct hta xls mdb
Hidden files: lnk exe
MessageBody: hehe...check this out.
VBS/LoveLetter.K
Subject Line: Thank You For Flying With Arab Airlines
Attachment: ArabAir.TXT.vbs HTML File: no-hate-FOR-YOU.HTM
Droped Files: MSUser32.vbs User32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta dll exe
Hidden files: sys dll
MessageBody: Please check if the bill is correct, by opening the attached file.
VBS/LoveLetter.L (see VBS/LoveLetter.Q)
VBS/LoveLetter.M (aka VBS/LoveLetter.K)
Subject Line: How to protect yourself from the IL0VEY0U bug!
Attachment: Virus-Protection-Instructions.vbs
HTML File: Virus-Protection-Page.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg
Hidden files: mp3 mp2
MessageBody: Here's the easy way to fix the love virus.
VBS/LoveLetter.N (see VBS/LoveLetter.J)
VBS/LoveLetter.O (detected as VBS/LoveLetter.A)
Subject Line: ILOVEYOU
Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
HTML File: LOVE-LETTER-FOR-YOU.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg
Hidden files: mp3 mp2
MessageBody: kindly check the attached LOVELETTER coming from me.
Note: This variant didn't have author's comments. "Khaled Mardam-Bey" is
replaced with "Bla Bla Bla"
VBS/LoveLetter.P
Subject Line: Variant Test
Attachment: IMPORTANT.TXT.vbs
HTML File: IMPORTANT.HTM
Droped Files: sndvol32.vbs IEAKDLL.vbs
Download files: none
Overwritten Files: vbs vbe mpeg avi qt qtm mpg
Hidden files: mpeg mpg
MessageBody: This is a variant to the vbs virus.
VBS/LoveLetter.Q (aka as VBS/LoveLetter.L)
Subject Line: Yeah, Yeah another time to DEATH...
Attachment: Vir-Killer.vbs
HTML File: LOVE-LETTER-FOR-YOU.HTM
Droped Files:
Download files: Vir-Killer.exe (file not posted)
Overwritten Files: vbs vbe zip rar
Hidden files: asm pas
MessageBody: This is the Killer for VBS.LOVE-LETTER.WORM.
Note: This variant will not spread through mIRC.
VBS/LoveLetter.R
Subject Line: PresenteUOL
Attachment: UOL.TXT.vbs
HTML File: UOL.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs
Download files: none
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg
Hidden files: mp3 mp2 exe com ini
MessageBody: O UOL tem um grande presente para voce, e eh exclusivo. Veja o arquivo
em anexo. http://www.uol.com.br
VBS/LoveLetter.S (detected as VBS/LoveLetter.J)\
Subject Line: LOOK!
Attachment: LOOK.vbs
HTML File: LOOK.HTM
Droped Files: MSUser32.vbs User32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta xls mdb
Hidden files: mp3 mp2
MessageBody: hehe...check this out.
Note: Similar to J variant. The only difference is it overwrites mp3, mp2 instead
of lnk and exe.
VBS/LoveLetter.T
Subject Line: Recent Virus Attacks-Fix
Attachment: BAND-AID.DOC.vbs
HTML File: BAND-AID.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs
Download files: Overwritten Files: vbs vbe js jse css wsh sct hta bat jpg jpeg gif
tif tiff wav lnk bak doc xls rtf txt htm html ml mny zip bmp cab inf mp3 mp2
Overwritten Files: vbs vbe js jse css wsh sct hta bat jpg jpeg gif tif tiff wav lnk
bak doc xls rtf txt htm html ml mny zip bmp cab inf mp3 mp2
Hidden files: none
MessageBody: Attached is a copy of a script that will reverse the effects of the
LOVE-LETTER-TO-YOU.TXT.vbs as well as the FW:JOKE, Mother's Day and Lithuanian Siblings.
Note: Minor change in the text in mIRC script.
VBS/LoveLetter.U
Subject Line: I Cant Believe This!!!
Attachment: KillEmAll.TXT.vbs
HTML File: killer.HTM
Droped Files: killer1.vbs killer2.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta gif bmp
Hidden files: wav mid
MessageBody: I Cant Believe I Have Just Recieved This Hate Email .. Take A Look!
Note: This variant will not spread through mIRC.
VBS/LoveLetter.V (detected as VBS/LoveLetter.A)
Subject Line: ILOVEYOU
Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
HTML File: LOVE-LETTER-FOR-YOU.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg
Hidden files: mp3 mp2
MessageBody: kindly check the attached LOVELETTER coming from me.
Note: Exact same code as A variant, with programming format.
VBS/LoveLetter.W
Subject Line: IMPORTANT: Official virus and bug fix
Attachment: Bug and virus fix.vbs
HTML File: Bug and virus fix.htm
Droped Files: MSKernel32.vbs Win32DLL.vbs
Download files: none
Overwritten Files: vbs vbe js jse css wsh sct hta exe com dll sys pwl txt
Hidden files: none
MessageBody: This is an official virus and bug fix. I got it from our system admin.
It may take a short while to update your system files after you run the attachment.
VBS/LoveLetter.X (detected as VBS/LoveLetter.A)
Subject Line: ILOVEYOU
Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
HTML File: LOVE-LETTER-FOR-YOU.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg
Hidden files: mp3 mp2
MessageBody: kindly check the attached LOVELETTER coming from me.
Note: With extra comments in the code
VBS/LoveLetter.Y (detected as VBS/LoveLetter.S)
Subject Line: ILOVEYOU
Attachment: LOVE-LETTER-FOR-YOU.TXT.vbs
HTML File: LOVE-LETTER-FOR-YOU.HTM
Droped Files: MSKernel32.vbs Win32DLL.vbs WinFAT32.exe
Download files: WIN-BUGSFIX.exe
Overwritten Files: vbs vbe js jse css wsh sct hta jpg jpeg
Hidden files: mp3 mp2
MessageBody: kindly check the attached LOVELETTER coming from me.
Note: With extra comments in code
Fonte Computer Associates
|