Lotus Notes immune to “Here you have” virus

Off
Strongback Consulting

Yet another $h17#3@0 virus maker has spawned his evil on the world with this recent “Here you have” virus. This is a version of the old Anna Kournikova virus from 2001, which in turn was a similar variant of the “Love Bug” virus in 2000.  I was working at marchFIRST (USWeb ) when the love bug virus hit, and remember well I was cursing the fact I was using Outlook at the time. These viruses use Visual Basic to target the Windows MAPI interface.

Lotus Notes does not use the MAPI interface. It has a completely different and self contained security model called the Execution Control List (ECL). The ECL is managed centrally by the Domino Administrator and can prevent such a virus from even launching.

All this said, it is important to note that although Lotus Notes will not execute the virus, and the virus will not transport via Lotus API’s, if the user has MS Outlook, Outlook Express, or any other MAPI tool installed, this virus can spread from this PC. Also, a Lotus Notes user may receive a virus email and the user might be foolish enough to open it. However the ECL should block the code and give the user a warning. Only if the user ignores the warning (by explicitly allowing it to run), it will only spread if the user has a MAPI client.


In the article where I first read this, the companies mentioned are Microsoft Exchange sites. You’ll notice the Outlook client displayed promptly in the video of the news article.

Comments are closed.

Strongback Consulting