Summary

Cartolina is a simple variant of the LoveLetter e-mail worm.

This version has been written in Italy. It was found in the wild in early February, 2001. It's unlikely to spread far outside Italy.

The attachment the worm sends around is called CARTOLINA.VBS, which means "Postcard" in Italian. The actual e-mail message is Italian and reads:

        From: name-of-the-infected-user
        To: random-name-from-outlook-address-book
        Subject: C' una cartolina per te!
        Attachment: CARTOLINA.VBS

        Ciao, un tuo amico ti ha spedito una cartolina virtuale... mooolto particolare!

The message means in english:

        Subject: There's a postcard for you!

        Hi, a friend of yours has sent you a... veeeery peculiar virtual postcard!

The worm also changes the default start page of Internet Explorer to an Italian music web site.

After the worm send itself, it adds a registry key as a marker and does not spread from the same system again.

[[Analysis: Mikko Hypponen & Katrin Tocheva, F-Secure, February 2001]