1. Symantec/
  2. Security Response/
  3. VBS.LoveLetter.CH


Risk Level 2: Low

March 21, 2001
February 13, 2007 11:35:51 AM
Also Known As:
VBS/Linda.A, VBS.Vbswg2.gen

This worm sends itself to email addresses in the Microsoft Outlook address book and also spreads to Internet chatrooms using mIRC. This worm overwrites files on local and remote drives, including files with the extensions .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg, .wav, .txt, .gif, .doc, .htm, .html, .xls, .ini, .bat, .com, .avi, .qt, .mpg, .mpeg, .cpp, .c, .h, .swd, .psd, .wri, .mp3, and .mp2.

The contents of most of these files are replaced with the source code of the worm, destroying the original contents. The worm also appends the .vbs extension to each of these files. For example, image.jpg becomes image.jpg.vbs.

Antivirus Protection Dates

  • Initial Rapid Release version March 21, 2001
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version March 21, 2001
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Douglas Knowles

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube