FRAMINGHAM (05/05/2000) - To avoid further infections by the "I Love You" virus, security experts said yesterday, information technology managers should tell all end users to delete virus-laden e-mails from their in-boxes and from their folders of deleted files to ensure that the messages aren't mistakenly opened at a later date.
The Computer Emergency Response Team (CERT) in Pittsburgh advised companies to update their anti-virus software and said they can halt the virus from spreading further by disabling the active scripting features in Microsoft Corp.'s Internet Explorer Web browser and their e-mail programs.
CERT also recommended that end users avoid clicking on e-mail attachments and shared files and that Internet Relay Chat users disable the automatic receiving of files via the direct client-to-client file-sharing mechanism.
While cleaning up the virus, users need to delete a set of registry files, said Elias Levy, an analyst at SecurityFocus.com in San Mateo, Calif. Companies using security tools and utilities to do the cleanup also should take care to recover MP3 files that may have been hidden but not destroyed by the Love virus, Levy said.
System administrators could protect against similar attacks by setting their Microsoft Exchange e-mail servers to block all attachments written in Visual Basic scripts, Levy said. And to help minimize the scope of future attacks, he added, anti-virus software vendors need to make sure their Web sites can handle heavy traffic from users anxious to install updates.
Still, there's no guarantee that fixes will always be installed in time to protect corporate networks.
"As long as we are intent on connecting to the Internet and using e-mail to communicate, there are going to be opportunities for crackers to go in and insert malicious code," said Tanya Candia, vice president of worldwide marketing at security software vendor F-Secure Corp. in Espoo, Finland.
"We have built a worldwide network that lets us find out about incidents and come up with a fix, but there is always going to be some kind of lag," Candia said.
For example, a variation of the Love virus called "VeryFunny.vbs" emerged later in the day on Thursday and hit some companies that had already suffered at the hands of the original invader, such as Zona Research Inc. in Redwood City, Calif.
Variations may defeat anti-virus tools that can contain the first virus if they include significantly different "signatures," security experts said.
But they can potentially be kept at bay by other technologies, such as the MIMEsweeper product from Content Technologies Inc. in Bellview, Wash.
MIMEsweeper lets users scan for certain words in the subject line of an e-mail and block those messages until an anti-virus update can be installed, the company said.