Threat Description

Cartolina

Details

Category: Malware
Platform: W32
Aliases: Cartolina, LoveLetter.CD, I-Worm.Jer

Summary


Cartolina is a simple variant of the LoveLetter e-mail worm.

This version has been written in Italy. It was found in the wild in early February, 2001. It's unlikely to spread far outside Italy.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.



Technical Details


The attachment the worm sends around is called CARTOLINA.VBS, which means "Postcard" in Italian. The actual e-mail message is Italian and reads:

     From: name-of-the-infected-user         To: random-name-from-outlook-address-book         Subject: C' una cartolina per te!         Attachment: CARTOLINA.VBS        Ciao, un tuo amico ti ha spedito una cartolina virtuale... mooolto particolare!  

The message means in english:

     Subject: There's a postcard for you!        Hi, a friend of yours has sent you a... veeeery peculiar virtual postcard!  

The worm also changes the default start page of Internet Explorer to an Italian music web site.

After the worm send itself, it adds a registry key as a marker and does not spread from the same system again.





Technical Details:Mikko Hypponen & Katrin Tocheva, F-Secure, February 2001


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More