Today's highlights:
- ILOVEYOU virus
- Tell us what you think: ILOVEYOU virus survey
- User virus prevention strategies
- Administrator virus prevention strategies
- Outlook for Macintosh
- Happy birthday to EMO
Regular features:
- New Slipstick site features
- New utilities
- Updated utilities
ILOVEYOU virus
The ILOVEYOU aka LoveBug aka VBS/LoveLetter virus propagates via
Outlook 98, Outlook 2000 and Internet Relay Chat with a .vbs
(VBScript) file payload. It is quite destructive. I feel like we
need to dispel some common misconceptions about this virus:
Misconception #1: The virus spread because Outlook opens
attachments automatically: No mail program would offer the feature
of opening attachments automatically, because that's a sure way to
spread viruses. Some people who opened the ILOVEYOU attachment may
wish they could blame their infection directly on Outlook, but this
particular virus spreads only if a person explicitly chooses to open
the attachment.
Misconception #2: A rule or server application to block
messages with particular text will make you safe from this virus:
Many variants have emerged with different subject lines and
different .vbs attachments. Filtering by subject is not an effective
protection strategy.
Misconception #3: Only computers running Outlook are
affected: While the ILOVEYOU virus spreads mainly through Outlook,
running it destroys files on any computer using the Windows
operating system.
Cleaning a machine infected with ILOVEYOU requires many changes.
We've put together this summary:
How to Recover from the ILOVEYOU (VBS-Loveletter) Virus
http://slipstick.com/problems/fixloveletter.htm
If you want to read more about ILOVEYOU, how it works and what it
does, we've found these links to be the most helpful:
CERT Advisory
http://www.cert.org/advisories/CA-2000-04.html
F-Secure Computer Virus Information Pages
http://datafellows.com/v-descs/love.htm
Woody's Office Watch special report
http://www.woodyswatch.com/office/archtemplate.asp?v5-n21
For information on other viruses that can affect Microsoft
Outlook, see:
Viruses Affecting Microsoft Outlook
http://www.slipstick.com/problems/virus.htm
Tell us what you think: ILOVEYOU virus survey
Perhaps we all share the blame for the wild spread of the
ILOVEYOU aka LoveBug aka VBS/LoveLetter virus and all its variants
-- users for opening unsolicited attachments, mail administrators
for not blocking certain types of files from e-mail messages,
company executives for not requiring training on e-mail security
issues, Microsoft for making it easy to create scripts that automate
other programs, and those of us in the media for not warning you
strongly enough.
I'd like to know what you're doing about it -- both users and
administrators -- and what you think Microsoft should do. We've
posted a survey for you to fill out at http://www.slipstick.com/problems/lovesurvey.htm
and included a place for you to sound off with your general comments
on the ILOVEYOU virus.
User virus prevention strategies
Is your computer fortified against virus invasions via Outlook?
You should take these precautions:
- Install the Outlook Attachment Security Update for your
version of Outlook:
Outlook 2000
http://officeupdate.microsoft.com/2000/downloadDetails/O2Kattch.htm
Outlook 98
http://officeupdate.microsoft.com/downloadDetails/O98attch.htm
Outlook 97
http://officeupdate.microsoft.com/downloadDetails/O97attch.htm
You'll see a button on the Tools | Options | Security dialog
for Attachment Security. Make sure the option is set to High.
This setting prevents you from opening many attachments directly
from an e-mail message or from the preview pane. You must first
save the attachment to your hard drive.
- Download and install all the updates that address
HTML mail vulnerability. Outlook shares HTML mail components
with Internet Explorer, so you won't find these updates on the
Office Update download site. We maintain a list at http://www.slipstick.com/outlook/htmlmail.htm.
- Run an anti-virus program on your computer. See
http://www.slipstick.com/addins/antivirus.htm for those that
work directly with Outlook mail folders. Others will be able to
scan attached files once you save them outside of Outlook.
- Increase the security for HTML mail in Outlook 98 and Outlook
2000 by following these steps:
  - Use Tools | Options | Security to set the security zone for
  Outlook HTML mail to Restricted Sites.
  - Click the Zone Settings button, then OK.
  - Select Custom, and then click the Settings button.
  - On the Security Settings dialog box, choose Disable for
  all options under ActiveX Controls and plugins and Scripting.
  - Click OK three times to save the updated security
  settings.
- Never open an unsolicited attachment, no matter how well you
know the sender.
See http://www.slipstick.com/outlook/antivirus.htm for more virus
protection ideas.
Administrator virus protection strategies
Organizations that have never connected a virus scanner to their
e-mail server may find it easy to fund that software this week. Many
companies that had server software set to reject .vbs file
attachments avoided the virus completely. Some server-based virus
scanners include attachment filtering. Separate programs to filter
attachments and perform other content control functions are also
available. We maintain two lists at:
On the Anti-virus page, you'll also find links to Microsoft's
tools for purging virus payload messages from Exchange Server
mailboxes.
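The contrast between a subject-line rule (Misconception #2) and server-side rejection of .vbs attachments, as an added example that is not part of the original newsletter or any product it mentions. The function names, the sample subjects other than ILOVEYOU, and all attachment filenames are constructed for illustration.

```python
import email
from email.message import EmailMessage

BLOCKED_SUBJECTS = {"iloveyou"}   # subject-line rule from Misconception #2
BLOCKED_EXTENSIONS = {".vbs"}     # attachment type the servers above rejected


def build_message(subject, filename):
    """Build a constructed sample message carrying one attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("kindly check the attached file")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def subject_rule_blocks(raw):
    msg = email.message_from_bytes(raw)
    return (msg["Subject"] or "").strip().lower() in BLOCKED_SUBJECTS


def attachment_rule_blocks(raw):
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Only the final extension decides how Windows opens the file, so
        # "x.TXT.vbs" counts as .vbs; trailing dots and spaces are ignored.
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in BLOCKED_EXTENSIONS:
            return True
    return False


# Constructed samples: (subject, attachment filename)
SAMPLES = [("ILOVEYOU", "letter.TXT.vbs"), ("Joke", "funny.vbs"),
           ("Meeting notes", "AGENDA.VBS."), ("Quarterly report", "report.doc"),
           ("Script question", "notes.vbs.txt")]


def compare_rules():
    """Return (subject, filename, subject_hit, attachment_hit) per sample."""
    return [(s, f, subject_rule_blocks(build_message(s, f)),
             attachment_rule_blocks(build_message(s, f))) for s, f in SAMPLES]
```

The subject rule stops only the first sample, while the attachment rule stops all three messages that carry a .vbs file and passes the two that do not.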
In addition, early notification can be a key factor in
controlling a virus outbreak. Administrators subscribed to the main
Exchange administrator list (http://ls.swynk.com/scripts/lyris.pl?site=swynk.com&page=topic&topic=exchange&text_mode=0)
or our Outlook users list (http://www.egroups.com/group/outlook-users/
or mailto:outlook-users-subscribe@egroups.com) got early warnings about
the virus and quick reactions on how to stop it and clean up
infected machines.
Outlook for Macintosh
Outlook for Macintosh 8.2.2 for Exchange Server users is now
available for download from Microsoft's FTP site at ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/Eng/Exchg5.5/SP3/MAC/.
See ftp://ftp.microsoft.com/bussys/exchange/exchange-public/fixes/eng/exchg5.5/sp3/mac/readme.txt
for details on installation instructions and bug fixes.
Microsoft has also published an update on the next version of
Outlook for Macintosh, codenamed "Watson," at http://www.microsoft.com/mac/Exchange/default.asp. Don't confuse
this with the PIM program promised for the next version of Microsoft
Office for Macintosh. "Watson" will be a separate program
for Exchange Server users.
Happy birthday to EMO!!
With this issue, we begin our fifth year of publishing Exchange
Messaging Outlook to provide information to Outlook and Exchange
users and developers and the administrators who support them. The
newsletter has more than 2,200 subscribers in at least 44 countries.
You may have noticed that we have been a bit more regular and
frequent in our publication schedule lately. That's a sign of more
good things to come in EMO. Stay tuned.