 |
 |
>From ZDNET Love Bug Takes Deadly Toll By Joe Berkofsky May 4, 2000 An insidious email-borne virus that chokes networks and devours music and graphics files has infected many of the world's corporations in a plague that's spread faster than the infamous, devastating Melissa bug. By midday Thursday the so-called "ILOVEYOU" bug had struck tens of thousands of multinational corporate and government networks in Europe, Asia, and North America, and was spreading, as one virus watcher put it, "like wildfire." What makes this email-borne bug so seductive, and potentially dangerous, is the simple "ILOVEYOU" subject line above the message, analysts say. "People are a lot more curious about this than Melissa," Richard M. Smith, a Brookline, Mass.-based Internet consultant, told ZDTV News. The "Love Bug" hit more than 200,000 mail hubs globally, infecting Britain's House of Commons; Switzerlands' Credit Suisse bank; the Pentagon; Congress, US military bases; the US Department of Agriculture; media mega-corp Time Warner; ABC; C-SPAN; ESPN; the Dallas Morning News; Fox and financial giant Merrill Lynch, Ford Motor Co., plus several Web firms. The White House said it was "affected" but that operations are running "smoothly." The FBI's National Infrastructure Protection Center issued a warning and was investigating. The vicious bug-- only 11kb, but once-unleashed, highly destructive-- mirrors the 1999 Melissa worm. It appears as an unsolicited .vbs file attached to email carrying the subject line "ILOVEYOU" and containing the body text, "kindly check the attached LOVELETTER coming from me." Computer users who get the bug should simply delete the email without opening the attachment. The virus: · Replaces MPEG music files with itself; · Replaces JPEG graphics files with itself; · Commandeers Micosoft's Outlook email program and mails itself to everyone in the Outlook address book; · Replaces any IE5 Web browser start page with a different webpage that contains an unknown executable file (the files reportedly lived on pages that have since been removed from a Manila-based ISP, Sky Internet). Like the Melissa "worm" virus, the "Love Bug" searches a computer for all files with the extensions JPG, JPEG, MP2, and MP3, as well as other lesser-used files, and replaces them with decoys of itself under the same name-- this time with the extension VBS. The Love Bug can worm its way through corporate firewalls because most are not built to resist attachments with a .txt.vbs extension. All of the leading antiviral software firms have released free trial versions of fix programs that will protect a machine from such bugs, but will not allow you to recover lost files that have not been backed up. The Love Bug also crawls across chat rooms through the popular mIRC chat tool. If you've been infected, you will spread the virus to other people in a room the next time you begin chatting. Several news organizations reported the bug originated in the Philippines. Some say the suspect the author is a young male, likely a bored youth who unleashed the Love Bug without realizing its destructive impact. Two lines in the virus code identify the author as "Spyder," part of the unknown "@GRAMMERsoft Group" from Manila. One script line says, "I hate go to school" and says of the virus's creation, "simple but I think this is good." The code is dated March 2000. Smith predicted that within two to three days most email servers will be fixed with anti-"Love Bug" software, and the bug will stop speading via email. Users can also configure Outlook to reject any message with the "ILOVEYOU" message. But, he warned, the real threat will surface in two to three weeks, when infected computer users begin clicking on their own music and graphics files where the virus was hiding, lying dormant. "It's the secondary damage that you don't even realize" at first, Smith said. -- ******************************************************* Douglas M. White, PT, OCS Physical Therapist, Consultant 191 Blue Hills Parkway Milton, MA USA 02186 P: 617.696.1974 [log in to unmask] http://members.tripod.com/DouglasWhite/ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%