Symantec.com > Security Response > VBS.Loveletter.AS

VBS.Loveletter.AS

Wild Level: Low
Number of Infections: More than 1000
Number of Sites: More than 10
Geographical Distribution: High
Threat Containment: Easy
Removal: Moderate

Risk Level 2: Low

Discovered: June 6, 2000

Updated: February 13, 2007 11:57:01 AM

Also Known As: VBS.Plan.A, VBS.LoveLetter.Variant, VBS.President.Worm, VBS/LoveLetter@MM [McAfee], I-Worm.LoveLetter [AVP], VBS_LOVELETTR.AS [Trend], VBS/LoveLet-AS [Sophos]

Type: Worm

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

VBS.Loveletter.AS is a Visual BASIC Script worm that is detected by Norton AntiVirus (NAV) as VBS.LoveLetter.Variant with virus definitions prior to August 28, 2000. This worm shares many of the properties of the VBS.LoveLetter worm. It spreads using Microsoft Outlook and overwrites files with a copy of itself.

How to protect your computer against infection by VBS.Loveletter.AS and similar threats

Update virus definitions
All currently known variants of VBS.Loveletter.AS are detected by NAV with current definitions. Because the variants were first detected as VBS.LoveLetter.Variant, it is important that you have the most recent definitions to get complete detection. Please run LiveUpdate, or download the definitions from the following Web site:

http://www.symantec.com/avcenter/download.html

Additional precautions that you can take:

If you are using Norton AntiVirus 2002, which includes Script Blocking, make sure that Script Blocking is enabled (the default).
If you are using Norton AntiVirus 2001, a free program update that includes Script Blocking is available. Please run LiveUpdate to obtain this.
For earlier versions of Norton AntiVirus, Symantec Security Response offers a tool to disable the Windows Scripting Host.
To disable the Windows Scripting Host in Microsoft Outlook Express only, see the Microsoft Knowledge Base document OLEXP: How to Disable Active Scripting in Outlook Express, Article ID: Q192846.