RealTime IT News

Promises of Jennifer Lopez Nude Deliver Destructive Virus

A new virus -- a variant of the Love Letter VBScript worm that made its way around the world a little more than a year ago -- has turned up on the Net, luring recipients of the e-mail that delivers it to open it with promises of nude photos of Jennifer Lopez.

Offering photos to trick recipients into launching a virus is not new. Dutch hacker OnTheFly used the same technique to trick people around the world into opening the Anna Kournikova virus earlier this year.

This version -- dubbed alternately JENNIFERLOPEZ_NAKED.JPG.vbs, VBS.Loveletter.CM@mm or VBS.Lopez.a@mm -- packs an even more destructive payload than the original LoveLetter, because in addition to destroying multimedia files, it delivers and executes yet another virus: W95/CIH, also known as Chernobyl.

"The payload delivered by JenniferLopez-Naked consists of searching for and overwriting code on specific files found on the hard disk," said Panda Software, which Friday gave the virus its highest risk, distribution and damage threat levels. "Affected files will lose their content and the VBS extension will be added at the end. If the worm finds MP3 or MP2 files, it creates a copy of the original file, which remains hidden. These files will also be overwritten with the worm code and the VBS extension will be added to them.

"Additionally, the worm will generate a file called W95/CIH in the Windows installation folder. This file is infected by the well-known and dangerous W95/CIH virus. Once this file has been created, the worm will ensure its execution."

Chernobyl seeks out and destroys Windows 95, Windows 98 and Windows NT executable files. It then tries to destroy the computer by attacking the FLASH BIOS, preventing the computer from booting up.

The virus arrives as an e-mail with the subject, "Where are you." The message is "This is my pic in the beach" and the attachment which delivers the payload is JENNIFERLOPEZ_NAKED.JPG.VBS.
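The attachment name is the tell: the last extension is .vbs, with .JPG in front of it as a decoy. A mail-gateway check for that pattern, as an added example that is not from the article or from any vendor quoted in it; the extension lists and the function names are assumptions, and the sample message is constructed from the subject, body and filename reported above.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (assumed blocklist, not exhaustive).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
               ".scr", ".pif", ".bat", ".cmd", ".exe"}
# Harmless-looking types commonly used as the decoy extension (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".bmp", ".png", ".txt", ".doc", ".mp3"}

def extensions(filename):
    """Lower-cased extensions in order; trailing dots and spaces are dropped
    because Windows ignores them when resolving the file type."""
    name = filename.strip().rstrip(". ").lower()
    return ["." + p.strip() for p in name.split(".")[1:] if p.strip()]

def risky_attachments(raw_message):
    """Return (filename, reason) for each MIME part whose final extension
    is an executable script type."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        exts = extensions(name)
        if not exts or exts[-1] not in SCRIPT_EXTS:
            continue
        decoys = [e for e in exts[:-1] if e in DECOY_EXTS]
        reason = (f"{exts[-1]} hidden behind {decoys[-1]}" if decoys
                  else f"{exts[-1]} attachment")
        findings.append((name, reason))
    return findings

def build_sample(filename):
    """Constructed test message; the attachment body is placeholder bytes."""
    m = EmailMessage()
    m["Subject"] = "Where are you"
    m.set_content("This is my pic in the beach")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return bytes(m)

if __name__ == "__main__":
    for fn in ("JENNIFERLOPEZ_NAKED.JPG.vbs", "holiday.jpg"):
        print(fn, "->", risky_attachments(build_sample(fn)))
```

The check keys on the final extension rather than the declared MIME type, since the sender controls the latter.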

While Panda Software has rated the virus a high risk, Symantec has only given it a moderate threat rating. Other firms have yet to report infections.