A new virus — a variant of the Love
Letter VBScript worm that made its way around the world a little more
than a year ago — has turned up on the Net, luring recipients of the e-mail
that delivers it to open it with promises of nude photos of Jennifer Lopez.
The offer of photo to trick recipients into launching a virus is not new.
Dutch hacker OnTheFly used the same technique to trick people around the world into opening the Anna Kournikova
virus earlier this year.
This version — dubbed alternately JENNIFERLOPEZ_NAKED.JPG.vbs,
VBS.Loveletter.CM@mm or VBS.Lopez.a@mm — packs an even more destructive
payload than the original LoveLetter, because in addition to destroying
multimedia files, it delivers and executes yet another virus: W95/CIH, also
known as Chernobyl.
“The payload delivered by JenniferLopez-Naked consists of searching for and
overwriting code on specific files found on the hard disk,” said Panda
Software, which Friday gave the virus its highest risk, distribution and
damage threat levels. “Affected files will lose their content and the VBS
extension will be added at the end. If the worm finds MP3 or MP2 files, it
creates a copy of the original file, which remains hidden. These files will
also be overwritten with the worm code and the VBS extension will be added
to them.
“Additionally, the worm will generate a file called W95/CIH in the Windows
installation folder. This file is infected by the well-known and dangerous
W95/CIH virus. Once this file has been created, the worm will ensure its
execution.”
Chernobyl seeks out and destroys Windows 95, Windows 98 and Windows NT
executable files. It then tries to destroy the computer by attacking the
FLASH BIOS, preventing the computer from booting up.
The virus arrives as an e-mail with the subject, “Where are you.” The
message is “This is my pic in the beach” and the attachment which delivers
the payload is JENNIFERLOPEZ_NAKED.JPG.VBS.
While Panda Software has rated the virus a high risk, Symantec has only
given it a moderate threat rating. Other firms have yet to report
infections.