How does the virus work?
Please see the Sophos diagram.
Where did the virus start out?
The virus itself claims to come from Manila in the Philippines.
How do I get it?
It usually arrives by email.
Who does it come from?
- It doesn't come directly from the author of the virus.
- It usually comes from someone you know who already has the
virus.
- The virus is sent automatically.
- The sender is unlikely to have sent it to you
deliberately.
What does it look like?
Various versions exist. One has an email subject "ILOVEYOU".
Another claims to be a "Joke" called "VERY FUNNY". A third says
"Susitikim shi vakara kavos puodukui..." (Lithuanian for "Let's
meet this evening for coffee"). A fourth tells you it is a "Mothers
Day Order Confirmation".
Does this mean all other emails are safe?
No! Any email can contain a virus. Exercise caution. You should
certainly never open an attachment you were not expecting.
So if anyone sends me the virus, I'm infected?
No! The email has an attachment which it asks you to open. If you
double-click the attachment, you get infected. If you simply delete
the email, you will not be infected.
But can't I get infected just by reading or even deleting the email?
No! Some people are saying so. But as with most email viruses, you
have to activate the attachment by double-clicking on it.
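The reasoning in the last few answers, written as a mail-triage check. This is an added example, not Sophos code: the marker strings are the ones quoted in this FAQ, while the verdict labels, addresses and attachment names are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Strings the FAQ quotes for the known variants, lower-cased for matching.
KNOWN_MARKERS = (
    "iloveyou",
    "very funny",
    "susitikim shi vakara kavos puodukui",
    "mothers day order confirmation",
)


def triage(raw_message: str) -> dict:
    """Classify one raw e-mail the way the FAQ reasons about it."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", "")).lower()
    attachments = [part.get_filename() or "(unnamed)"
                   for part in msg.iter_attachments()]
    # Look for a quoted marker in the subject or in any attachment name.
    haystack = " ".join([subject] + [name.lower() for name in attachments])
    marker_hit = any(marker in haystack for marker in KNOWN_MARKERS)

    if not attachments:
        verdict = "no-attachment"          # nothing to double-click
    elif marker_hit:
        verdict = "known-variant"          # matches a variant named in the FAQ
    else:
        verdict = "unexpected-attachment"  # unknown subject is not proof of safety
    return {"verdict": verdict, "attachments": attachments}


def build_sample(subject: str, attachment_name: str = "") -> str:
    """Build a constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"
    m["To"] = "you@example.com"
    m["Subject"] = subject
    m.set_content("Please check the attached file.")
    if attachment_name:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename=attachment_name)
    return m.as_string()


if __name__ == "__main__":
    for subj, name in [("ILOVEYOU", "sample.bin"), ("ILOVEYOU", ""),
                       ("Quarterly figures", "report.bin")]:
        print(subj, "->", triage(build_sample(subj, name)))
```

A message with an unlisted subject and an attachment still comes back as "unexpected-attachment", which is the point of the answer above: a subject list only catches the variants already known.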
So why is it spreading so fast?
Because many people blindly trust attachments. If an email says
"check this attachment", people do. This is like taking sweets from
strangers in the street. Don't do it.
But what if I launched the attachment?
You are probably infected. Read on to learn how to clean up.
How do I check if I'm infected?
If you use Sophos Anti-Virus (SAV), download the latest virus
identities (IDEs), which include fixes for the LoveLetter viruses.
Apply the identities and use SAV to scan your computer. If you are
not a SAV user, you can download a copy of the product for a 30-day
trial.
If I find the virus, how do I clean up?
Simply tell SAV to delete infected files.
Why can't I disinfect files and get the originals back?
When the virus infects files, it overwrites them. So removing the
virus means removing the entire file - the original contents are
lost.
Have I infected other people?
If you use Microsoft Outlook, the virus will send itself to
everyone in your address book.
Do I need to tell people that I might have infected them?
Usually this is regarded as common courtesy. But because this is a
pandemic, sending a follow-up warning will simply add to their
email load.
What can I do next time?
- Don't blindly trust attachments.
- Never open an unexpected attachment.
- Don't assume that an email is safe just because it comes from
someone you know - they could be infected themselves.
- Make sure you know how to update your anti-virus software
quickly.
- Avoid sending around jokes and stupid attachments yourself, as
it encourages people to treat them as "mostly harmless".
Everyone I know has had this virus. What will the total cost be?
Already, people are jumping to conclusions, which vary wildly. This
is unwise because it can be confusing. But we know that the author
of the Melissa virus, who was caught and convicted, admitted to
causing damages of US$80,000,000. So we can use this as a guideline
in this case.
Is it true the virus author has been caught?
According to media reports, a 27-year-old computer analyst working
for an Asian bank was detained on Monday 8th May by the authorities
in Manila. A woman who shared the man's apartment is also expected
to help the authorities with their enquiries.
Obviously it is not known at this stage whether they are
connected to the virus in any way. Even if the author is caught,
their virus will continue to cause problems for some time to
come.
How many copycats will there be?
As mentioned above, there have already been several. We recommend
that you keep in contact with the Sophos website to watch for
changes in the situation. But trying to guess the total number of
copycats is only likely to cause fear, uncertainty and doubt.
Are all the copycats dangerous?
Some of the copycats we have received do not actually work. This
has caused confusion as some anti-virus companies seem to be
treating these as "viruses", even though they cannot spread.
Clearly, this exaggerates the size of the problem.
Many of the broken copycats produce an error display such as the
one below. Please do not try to repair them, for obvious
reasons!
Is the worst over?
Probably. But experience suggests that once a virus is out of the
box, it is very hard to get it back in again. For example, the Form
virus is nearly 10 years old and still commonly reported. Also,
don't forget that there are over 50,000 viruses, with thousands of
new ones each month. As the LoveLetter problems die down, do not
relax your vigilance!