The VBS.NewLove.A is a worm, and spreads by sending itself to all addresses in the Outlook address book when it is activated. The attachment name is randomly chosen, but will always have a .Vbs extension. The subject header will begin with "FW: " and will include the name of the randomly chosen attachment (excluding the .VBS extension) Upon each infection, the worm introduces up to 10 new lines of randomly generated comments in order to prevent detection.
This polymorphic Loveletter variant will overwrite ALL files that are not currently in use regardless of extension. It arrives as an email message with a subject of "FW: FILENAME.EXT" and an attachment named "FILENAME.EXT.VBS" (where FILENAME.EXT is derived from the infected user's recently opened documents list.) The body of the email is empty. If no documents have been used recently, this name is randomly generated.
As a stop gap measure you can install VB Protect, a utility that warns you before you attempt to open any dangerous VBS attachment, but you should also download the latest version of your antivirus software
There were several other protection ideas in the 5/15 issue of LangaList Newsletter":
References sources:
The NewLove worm is an adaptation of the original I Love You worm, which according to this report from CIAC had a large number of different variations, with a variety of attachments. Note that although some of the attachments have strings like ".txt" or ".jpg" as a part of them, presumably to fool people who have been told it is ok to click on a TXT file or a JPG file, the real extension is "vbs"
LOVE-LETTER-FOR-YOU.TXT.vbs
Very Funny.vbs
mothersday.vbs
virus_warning.jpg.vbs
protect.vbs
IMPORTANT.TXT.vbs
Virus-Protection-Instructions.vbs
KillEmAll.TXT.VBS
ArabAir.TXT.vbs
Vir-Killer.vbs
LOOK.vbs
BEWERBUNG.TXT.vbs
BAND-AID.DOC.vbs
UOL.TXT.vbs
Bug and virus fix.vbs
ANTI-VIRUS-LISTE.TXT.vbs
MAJOR BUG & VIRUS FIX.vbs
antivirusupdate.vbs
Previous TCS Virus Alerts: