Worm alert! LOVELETTER gets nastier

Security software maker Symantec warned computer users and businesses of a new, destructive worm -- apparently based on ILOVEYOU -- that had hit three Israeli and European clients by Thursday night.

Aside from spreading by mailing itself out to everyone on the Outlook address book, the virus also deletes all files on the victim's computer -- and any mapped, network drives -- by setting the files' lengths to zero.

"For most users, if you are infected with the virus, it means you need to have your machine rebuilt," said Vincent Weafer, director of the Symantec AntiVirus Research Centre, referring to rebuilding the computer's files from backup.

The malicious code is mailed to users as an apparent attachment from a friend, with the subject line "FW:" followed by a random file name. The attached file has that name plus the .VBS extension.

For example, the worm might find the file "mydoc.txt" on the user's system and send off a message with the subject line "FW: mydoc.txt" and an attachment of "mydoc.txt.vbs".

The current variant also adds a twist found in other viruses: Polymorphism.

The worm adds a few characters to its script's comment lines, thereby changing the length and "fingerprint" by which most virus software recognises the code for what it is. That feature could make the virus harder to stop.

There are three ways to stop the virus, said Weafer.

Click here for Protection against the dangerous new ILOVEYOU variant.

Would you prosecute British Gas for making it possible to put your head in the oven and turn the gas on? Chris Long is taking no prisoners with this one, he accuses users who got the ILOVEYOU virus of having the IQ equivilent to a pin mould.

What do you think? Tell the Mailroom. And read what others have said.

Go to ZDNet's ILOVEYOU Special Report