Tech Talk Radio Program
May 6, 2000 Show
Sponsored by Stratford University
LoveLetter Worm
Internet Telephone Technology
Search Engine Technology
Cookies
LoveLetter Worm
The LoveLetter worm infected millions of computers by taking advantage of
vulnerabilities in Microsoft Outlook. All Windows machines with Windows
Scripting Host activated are vulnerable. The Computer Emergency Response Team
(www.cert.org) has issued an Advisory (CA-2000-04). The virus/worm was
apparently launched from a computer in the Philippines.
- The LoveLetter attachment contains a VBScript program that is executed when
  the attachment is opened, if the Windows Scripting Host (WSH) is activated.
  The WSH service is available in Windows 98 and Windows 2000 machines. It is
  installed and activated when Internet Explorer 5 is installed.
- When the worm executes, it attempts to send copies of itself using Microsoft
  Outlook to all the entries in all the address books.
- The mail it sends has the following characteristics: Attachment named
  "LOVE-LETTER-FOR-YOU.TXT.VBS"; Subject of "ILOVEYOU"; Message that reads
  "kindly check the attached LOVELETTER coming from me."
- If the Internet Relay Chat client (mIRC) is present, the virus creates a
  script (script.ini) to transfer copies of itself the next time mIRC is
  executed.
- It directs Internet Explorer to one of four URLs that reference a file for
  download called WIN-BUGSFIX.exe, which is a password capture program.
- It replaces files on the hard drive with copies of itself. It replaces files
  with the following extensions (jpg, jpeg, mp3, mp2, vbs, vbe, js, jse, css,
  wsh, sct, hta). The data in these files cannot be recovered without a backup.
  This step is where the real damage occurs.
- Many variants have already appeared, including Jokes/Very Funny and
  Mothersday. They have the same behavior, since the email and attachment have
  simply been renamed.
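
Because the variants only rename the subject and attachment, a filter keyed to "ILOVEYOU" misses them, while a check on the attachment's final extension does not. The following is an added example, not part of the original show notes: a mail-gateway style check in Python, where the decoy-extension list, the sample addresses and the renamed variant's file name are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Script-capable types from the page's list of overwritten extensions
# (assumption: these are the ones a mail gateway should hold back).
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsh", "sct", "hta"}
# Inner extensions a reader takes for harmless data (assumed list).
DECOY_EXTS = {"txt", "jpg", "jpeg", "mp3", "doc", "gif"}

def classify_attachment(filename):
    """Return 'decoy-script', 'script' or None for one attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before testing.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or parts[-1] not in SCRIPT_EXTS:
        return None
    # NAME.TXT.VBS: with extensions hidden, the user sees only NAME.TXT.
    return "decoy-script" if len(parts) > 2 and parts[-2] in DECOY_EXTS else "script"

def scan_message(raw):
    """List (filename, verdict) for every flagged MIME part in a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        verdict = classify_attachment(name) if name else None
        if verdict:
            findings.append((name, verdict))
    return findings

def subject_rule(raw):
    """Naive signature: match only the original subject line."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return str(msg["Subject"]).strip() == "ILOVEYOU"

def build_sample(subject, filename):
    """Constructed test message; the attachment body is inert placeholder text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("constructed sample body")
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

ORIGINAL = build_sample("ILOVEYOU", "LOVE-LETTER-FOR-YOU.TXT.VBS")
VARIANT = build_sample("constructed renamed subject", "holiday-photo.JPG.vbs")
BENIGN = build_sample("meeting notes", "notes.txt")

if __name__ == "__main__":
    for label, raw in (("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)):
        print(label, subject_rule(raw), scan_message(raw))
```
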
The LoveLetter Worm follows the fine tradition established by other VBScript
virus/worms, including BubbleBoy and Melissa. BubbleBoy is a script file
contained in HTML email and does not require that any attachment be opened.
Melissa is an MS Word script file that must be opened.
What Actions Can I Take?
- Do not open any email attachments that are suspicious!
- Update your virus scanning software. Patches for LoveLetter are now available
  for all major packages.
- Install the latest security patches from Microsoft to remove unnecessary
  ActiveX components from the trusted category. The VBScripts get their
  authority to read and write to disk by using ActiveX components that have
  such authority.
- If you are still uncomfortable, turn off Windows Scripting Host (WSH). WSH
  can be disabled by deselecting it in the Accessories Component section of
  Windows Setup. You can get to this by going to the Windows Setup tab in
  Add/Remove Programs in the Control Panel and selecting Accessories. The
  Control Panel is reached by going to the Start button, selecting Settings and
  then Control Panel.
- If that is still not enough protection, use an email client other than
  Microsoft Outlook (e.g. Netscape Messenger).
Internet Telephone Technology
Real time voice conversations over the Internet may allow you to avoid long
distance charges. The voice quality is acceptable but not great. This
technology is called voice over IP (VoIP).
- In order to make or receive a call with your computer, you must have a full
  duplex sound card (SoundBlaster 2 compatible is a safe specification),
  speakers, microphone, and Internet telephone software.
- The sound card must support full duplex operation, so that both sides can
  talk at the same time without cutting each other off. Half duplex operation
  (like a walkie-talkie) is not acceptable.
- Most audio chat software also supports video. If video is desired, you will
  need a small netcam (about $99) connected to the computer's serial port.
- Good audio reception performance requires both parties to use a headset with
  an integrated noise cancellation microphone. This will eliminate feedback
  from the speakers and minimize room background noise. Such a headset
  typically costs less than $30.00.
Internet-enabled telephone conversations can be implemented in three ways.
- PC-to-PC connections are the most common. Common audio chat software includes
  VocalTec (www.vocaltec.com), VoxPhone (www.voxphone.com), PhoneFree
  (www.phonefree.com), ClearPhone (www.clearphone.com), PalTalk
  (www.paltalk.com), and Microsoft NetMeeting
  (www.microsoft.com/windows/NetMeeting). There is no charge for PC-to-PC
  connections, except for the normal Internet connectivity charges. Most of
  these programs include a video conferencing option (but beware: you need
  bandwidth for video, at least 56 kbps).
- PC-to-Phone connections use a phone server at one end. You connect to a
  remote phone server using its IP address (or URL) and it makes a local
  connection to the desired party. The phone server companies include:
  Net2Phone (www.net2phone.com), DialPad (www.dialpad.com), CallRewards
  (www.callrewards.com), DeltaThree (www.deltathree.com), MediaRing
  (www.mediaring.com), and AccessPower (www.accesspower.com). All of these
  companies provide the "free" software for PC-to-PC connections. PC-to-Phone
  connections are either free (aka, advertiser supported) or very low cost.
  None provide video.
- Phone-to-Phone connections use a phone server at each end. You call the local
  phone server using a local access number. The local phone server connects to
  the remote phone server via the Internet. The remote phone server makes a
  local connection to the desired party. This type of service is currently
  being heavily marketed to businesses. Net2Phone (www.net2phone.com),
  AccessPower (www.accesspower.com), and JusticeTelecom
  (http://www.justicetele.com/internet.html) offer this type of connection. It
  is interesting to note that AT&T is an investor in Net2Phone. This type of
  service does not have a video option.
Internet telephony has grown because all the vendors conform to communication
standards. These standards are summarized on the Internet & Telecoms
Convergence Consortium Website (itel.mit.edu). The ITU (www.itu.int) standard
H.323 is one of the most important standards for audio and video conferencing.
The H.323 standard provides a foundation for audio, video, and data
communications across IP-based networks, including the Internet. By complying
with H.323, multimedia products and applications from multiple vendors can
interoperate, allowing users to communicate without concern for compatibility.
H.323 will be the keystone for LAN-based products for consumer, business,
entertainment, and professional applications.
What are the issues?
- The current version of IP software (IPv4) does not support the delivery of
  time sensitive data streams. The network latency (or delay) varies with time
  (jitter). During Internet usage peaks, the voice transmission quality drops
  and the buffering requirements increase. This problem will be alleviated with
  the widespread adoption of the next generation of IP protocol (IPv6). IPv6
  information can be found at www.ipv6.org.
- Using the PC as a telephone is not really convenient and is unlikely to
  replace the telephone.
- Phone companies may try to get in on the action and force Internet Service
  Providers to charge for long distance calls. This is unlikely, but still an
  interesting legal battle to watch.
Search Engine Technology
Search engines and directories are the best way to locate information on the
Internet.
Directories depend on human evaluation and classification of websites into
useful categories for information retrieval. The dominant directory is Yahoo
(www.yahoo.com). It gets about 60% of all traffic.
Search engines, on the other hand, create a searchable database for information
retrieval based on key words submitted by the user. As the Internet has grown,
these search engine results are increasingly cluttered with sites marginally
related to the key word. Google, a new search engine technology, bases its
listing order on how many other pages refer to a page, in addition to the key
word match criteria. Google is Tech Talk's preferred search engine
(www.google.com), since it converges on relevant and useful sites so quickly.
Cookies
A cookie is a small data file that is placed on your hard drive when you visit
a website. Your browser can be set to either accept or reject cookies. Cookies
allow a web server to keep track of arbitrary information on a user browsing
the site. They are typically used to create a more personalized browsing
experience for the user. Cookies are normally set so that only the site that
places them can read them. Properly used, cookies are harmless and useful.
Recently, however, both Netscape and Internet Explorer have been shown to be
vulnerable to cookies that contain malicious JavaScript. These malicious
cookies can read and transmit private data that is stored on your hard drive.
- Netscape Cookie Vulnerability (low risk)--A JavaScript cookie can take
  advantage of the default user profile to read and transmit such things as
  bookmarks and web cache information. Barring any patches or fixes from
  Netscape, there are a couple of things you can do to prevent this. The first
  thing you can do is disable cookies. In Navigator, click Edit, Preferences,
  and go to Advanced. You can choose to either reject all cookies, or set
  Navigator to warn you before accepting a cookie. Since this particular
  exploit also needs JavaScript, you can also turn off JavaScript from this
  same dialog by unchecking it. Of course, doing either eliminates some
  functionality of using web sites.
- Internet Explorer Cookie Vulnerability (medium risk)--Microsoft Internet
  Explorer's latest problem was discovered by the noted Bulgarian bug hunter
  Georgi Guninski and is another cross-frame security problem for IE. You can
  use this technique to send a hostile JavaScript into another frame. Once
  there, some of the things you could do include reading local files, reading
  cookies (which may have password information), window spoofing and other
  misdeeds. While waiting for a fix from Microsoft, you can turn off Active
  Scripting. In Internet Explorer 5: Click Tools, Internet Options. Go to the
  Security tab, click on the Internet Zone and click Custom Level, to bring up
  the list of Security Settings. It has a section such as "Cookies" (Allow
  cookies that are stored in : options are disable, enable, prompt). Scroll
  down the list, and disable Java and Active Scripting in Microsoft VM and Java
  Scripting.
- Double Click's Double Dealing with Cookies (low risk)--On another front,
  Double Click was found to have violated user privacy by selling information
  that it gathered from cookies. Double Click is the publicly traded company
  that delivers ads to multiple commercial sites all over the Internet.
  Normally cookie information is not passed site-to-site because only the site
  that loads the cookie can read it. However, since Double Click is loading
  information to many commercial sites, it can track a user's progress across
  multiple sites. This information, when coupled with purchasing information,
  can provide valuable cross site information. Double Click was selling that
  information. After disclosure, company executives have promised to
  discontinue the practice.