F-Secure Virus Descriptions : Cartolina
Cartolina is a simple variant of the LoveLetter e-mail worm.
This version has been written in Italy. It was found in the wild
in early February, 2001. It's unlikely to spread far outside Italy.
The attachment the worm sends around is called CARTOLINA.VBS, which
means "Postcard" in Italian. The actual e-mail message is Italian and
reads:
From: name-of-the-infected-user
To: random-name-from-outlook-address-book
Subject: C' una cartolina per te!
Attachment: CARTOLINA.VBS
Ciao, un tuo amico ti ha spedito una cartolina virtuale... mooolto particolare!
The message means in english:
Subject: There's a postcard for you!
Hi, a friend of yours has sent you a... veeeery peculiar virtual postcard!
The worm also changes the default start page of Internet Explorer to
an Italian music web site.
After the worm send itself, it adds a registry key as a marker and
does not spread from the same system again.
[[Analysis: Mikko Hypponen & Katrin Tocheva, F-Secure, February 2001]
|
