Threat Description



Aliases: Cartolina, LoveLetter.CD, I-Worm.Jer
Category: Malware
Platform: W32


Cartolina is a simple variant of the LoveLetter e-mail worm.

This version has been written in Italy. It was found in the wild in early February, 2001. It's unlikely to spread far outside Italy.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.


Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Technical Details

The attachment the worm sends around is called CARTOLINA.VBS, which means "Postcard" in Italian. The actual e-mail message is Italian and reads:

     From: name-of-the-infected-user         To: random-name-from-outlook-address-book         Subject: C' una cartolina per te!         Attachment: CARTOLINA.VBS        Ciao, un tuo amico ti ha spedito una cartolina virtuale... mooolto particolare!  

The message means in english:

     Subject: There's a postcard for you!        Hi, a friend of yours has sent you a... veeeery peculiar virtual postcard!  

The worm also changes the default start page of Internet Explorer to an Italian music web site.

After the worm send itself, it adds a registry key as a marker and does not spread from the same system again.

Technical Details:Mikko Hypponen & Katrin Tocheva, F-Secure, February 2001


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More