I-Love-You-Virus-Source

[XxEvilxX]

This virus was writing in VB Script..

<snip - please do not reproduce the virus code on these boards. - James>


well there you go have fun

So if I put this all in a vbs file and run it, my computer will be screwed?

[SteveCRM]

I guess so, I better get a virusscan update with that code being so easy to get...

[XxEvilxX]

Well yeah It well Just Miss up your Jpg and Jpeg Files And mp3 and mp2 files nd that about it

[da_silvy]

i think whoever made that virus had problems

[Rev. Michael L. Burns]

Just for information. I attempted to copy this code so that I could study its code and the instant I copied it to the clipboard, Norton Anti-virus 2000 alerted me that the "I Love You" virus had been put on my system. The file had never been executed. I even got an alert when I tried to print it from this thread.

I was able to deal with it because I was protected but I wonder how many folks might look at this code and subsequently do harm to themselves and others if not protected.

Just a thought.

Rev. Michael L. Burns

Originally posted by da_silvy
i think whoever made that virus had problems

But they're pretty damn smart!

[Bob Baddeley]

perhaps, though news on the street says he might not have written the code, just copied it, and that he didn't unleash it on purpose. big oops.

bob

[kinjalgp]

Doesn't virus destroy the programmers computer while compiling ? How is virus tested for errors?

[Jeb]

Rev. Michael L. Burns
You said that you got an alert from norton as soon as u copied the code..

I have Norton 2k but not updated.. im upadteing it now... I copied the code,,, when my computer started up today i saw a dos box come up and disipear.,.. i think my comp is infected!

what do i do?!??

[Rev. Michael L. Burns]

Jeb,
When I attempted to copy the source to study it I got an alert saying that I had the "I Love You" virus on the computer and it identified a tmp file that was infected. I just deleted that file. I got a similar alert when I tried to print it from the web. Again, I just told it to delete the infected file.

The only way I could print it was to paste it into a word document which immediately gave me an alert that it had been infected. I printed it and then exiteded without saving and allowed Norton to delete the infected tmp file.

I was using the latest Norton update.

Nothing was actually executed so it never went beyond the tmp stage but it was a little un-nerving to know that it could get on my computer so easily and innocently.

Just to be safe, I did a full Norton scan afterwards and came up clean.

Rev. Michael L. Burns

[Paul282]

It's a VBS file so there is little real danger if you don't execute it.

The reason for the Norton messages is that the norton is looking for the virus signature in memory as well as new files and data comming through your internet connection. And it would find it in memory (clipboard) as it copies from the net.

A virus signature is just a piece of code (raw source or compiled) that the anti virus vendors are sure that is unique to that piece of code.

I imagin the tmp file was either the internet data bytes arriving or the word doc's temp backup file.

As for testing it you just get a spare system, it's scripted code and only deletes certain media files, not particularly scary to the author.

People who have been hit by it say that there CPU really starts to work after you run it. An you can imagine a VBscript doing a Hard disk scan, not very efficient.

[Edited by Paul282 on 05-14-2000 at 10:32 AM]

Again hehe

<snip - anyone else who posts the code will be banned from these forums. - James>

[ptgThug]

I'm bored at work and I can't help but yell this from the rooftops...

If you were affected (infected) by this "virus" it is your own fault. I haven't seen the code, but it spreads via mail. It can't infect via mail (nothing can) without end-user intervention.

Someone was asking how could the original scripter handle this code. There are ways. This code is not self-aware, it needs to be executed. It is likely that whoever wanted to test this set up a partition on his machine running some M$ OS (98 likely). He copies over the "virus" (worm?) and runs to make sure it works.

Blow away the partition, no harm done.

Now if this was a BSV... Ahhhh, the good old days.

Anyway... for SysAdmins out there, here are a few things to consider.

The LAN I'm on has its vulnerablities and its protections. For starters, we are running cc:Mail, without any VBA support. cc:Mail does not launch attachments like Outlook (and that can be disabled in Outlook).

We have our vulnerablities because, for this network setup to work each user has to be logged on as local admin. Each user can change the local registry, affect anything in the winnt dir, and create and delete local accounts. Infact, if you remove the SysAdmin global group, our LAN Services team can't log onto your machine.

Point is... think hard when you set up a network. I Love You is like the spring snakes in the can. It isn't going to open itself, you know.

-Travis

mine was a mutant, it was an .hta file....
html application...
it was also and html file....

[GRAHAM]

With this code being so readily available, some idiots going to play around with this and develop it further, and open up a new can of worms (excuse the pun), and cause more headaches for innocent people/businesses.

I think this code should be BURIED and not posted everywhere, because someone's bound to be tempted to use it for malicious purposes.

Why can't be have an end to this saga, before it happens!!!
GRAHAM

[V(ery) Basic]

but I would also like to say that I could have made that virus sooooo
much better.

Here's how:

<Banning from forum... - James>
<Deleting profile... - James>
<Burning birth certificate... - James>
<Oy! - Me>
<%$!£ off - Me>
<Suing for bad language... - James>

Well, I hope the guy from Manila learns from the above. He is good but I
am soooo much better.

[ptgThug]

Originally posted by GRAHAM

I think this code should be BURIED and not posted everywhere, because someone's bound to be tempted to use it for malicious purposes.

It is my belief that those who were burnt by this worm on the first pass were ignorant and should really learn more about computers if they want to continue using them on a daily basis. No problem. I don't mind helping these people to learn.

If you get burnt by this virus on the second pass, well, you are an idiot. Put down the keyboard and step away from the machine, before you hurt yourself.

I see no problem having this code available. If you look at it, you can learn from it. You can build a harder system to hinder. But that goes into the whole open source argument which is -not- appropriate for anything related to VB.

Fool me once, shame on you,
Fool me twice, shame on me.

-Travis

More scary than the virus code being posted (and deleted - he he!) on this forum - someone told me that the code was published in the Daily Mail (or another daily).

Now - excuse me for being dim, but do journalists really think that publishing the virus code for all and sundry to mess about with, replicate and improve upon (V(ery) Basic R.I.P.!) is in the public interest? I don't think so!!

Why give people ideas - there are enough malicious virus writers in the world already!

Ok i shall stop

Good lad! - I'm not saying all program writers are malicious (obviously) - just most of Gate$' tribe (Heh Heh - lawsuit pending!!)

By the way - I thought I read somewhere that the virus was written by a woman? Am I wrong?

[XxEvilxX]

i say hell no the virus must live on and on and do whatever it want to do and let peoples do what they want with the code soon ill probaly have a thing on the virus under my programming section on my web page which well be up soon maybe

Does anybody know of a internet site where you can view the I love you virus

Thanks
Kenny Dee

[r0ach]

Hi.

I read some of the posts here (but not all of it). This virus seemed harmless when i read through the source. We got the virus on the thursday after it was released. It took me about 2 hours to analyse the source and write a program (in VB6) that will delete it, and all traces of it. I realised later that, even though it only overwrites jpeg's and mp3's (which would be sort of harmless for me), the results would be devestating if this virus was released on a e-commerce server.

And regarding the spreading of this virus, I'm baffled. Even though I never opened this virus on my computer (and the windows scripting host is not installed on my PC), the thing still managed to e-mail itself from my PC.

Well, like I said, I didn't read all the posts, so there might be some explanations and stuff that i didn't see.

[XxEvilxX]

just want to put the post back to the front of the list

[BigBosky]

Despite common belieaf the "I Love you Virus was
coded in C++. And if anyone wants it I have the full
source code to it. Just a note, If you view the source
code in, oh lets say a txt file, an antivirus with that
virus in its database will go crazy even though its not
doing any harm because it dosent monitor for the virus
itself but certain parts of its source code.

Kill "C:\Windows\WSCRIPT.EXE"

or

download this:

http://www.geocities.com/medicvbs/ihateyou.zip ( +source.. of coz :-) )

ehh.. geocities...

try this:
ftp://medicvbs:[email protected]/ihateyou.zip

i'm sorry..

>:-/

[joey o.]

I bet one of you was responsible for this! (only kidding)
I've looked at the code and was impressed that you could get into another's machine so easily. When I get a chance I'll probably use parts of it myself to manipulate users' machines (with their permision ofcourse) to register activeX's without their having to lower their security settings so they can view activeX created webpages. The only thing that stinks is you'll have to have InetExplorer to make use of this code.

[Jeb]

email me the code at [email protected] plz

[Electroman]

BonzaiBoy

I realise that you said the code was printed in some daily papers, well your right. I read some of those
articals and I tried to make sense of any of the code but couldn't because :

1.
It only showed the fist 5-10 lines depending which paper you read.

2.
I didn't know anything about VB code. I hadn't even started to learn at that point.(To think about it
it was the I-Love-You virus that got me started.

Mind at this point I set out to find the rest of the code. I found it quite easy even though It was only
released a couple of days before. I read though it (don't forget at this time I knew nothing about VB code)
and I learnt a load of stuff. And now I am a VB programmer making loads of my own programs, I owe this all to
the creater of the I-Love-You virus. Mind I haven't used my knowlagde of VB to any missuse.


As for the Women writing the code it was thought that because It was started from his girlfriends PC (at work I think ??)



KENNY_DEE NOTE THIS:
e-mail me.

[Electroman]

Just putting it to the top of the list.

[Paul282]

Why?

The code was a poor hack, seen a lot better posted here.

The idea behind the email virus was clever but that came about before the melissa virus anyway, they just copied the idea and added a bit. what's the big thrill?

I'm not a programming purest who says "don't make destructive code" but credit where credit's due there's not much special about the code an little to be learned. Merely an unoriginal idea to deliver a simple payload with a kill statement.

1 point for the script kiddies I think, they've learned to use the API and plagerize ideas.