Fast-Moving Virus Hits Computers Worldwide

TIMES STAFF WRITERS

One of the most disruptive computer viruses in history, dubbed “ILoveYou” and the “Love Bug” and reportedly launched from the Philippines, raced across the Internet on Wednesday and Thursday. It affected millions of computers in about two dozen countries and caused untold millions of dollars in damage in lost productivity.

The Justice Department said the FBI had launched a sweeping investigation of the attack, even as some government officials were coping with the virus themselves.

Unlike last year’s Melissa virus, which penetrated millions of computers and caused about $300 million in damage, the Love Bug is spreading faster and can destroy a wide variety of computer files.

The Love Bug, spread primarily through e-mail, kills or hides eight kinds of files, including pictures, graphics and music, such as the popular MP3 format. It replaces those files with similarly named impostors that, when launched with a click, begin the virus propagation anew.

Thousands of companies were apparently affected, including AT&T Corp., Microsoft Corp., Time Warner Inc., Southern California Edison Co., Merrill Lynch & Co. and Ford Motor Co. Many firms had to shut down their e-mail systems.

Among government offices hit were the Pentagon, the CIA, NASA and the British House of Commons.

Law enforcement sources said they were following some early leads.

Early indications that the virus originated in Asia would not affect the direction of the investigation, said Chris Painter, deputy chief of the Justice Department’s computer crimes section.

Millions of computers have probably already been infected by the Love Bug, said David Perry, an executive with Trend Micro in Cupertino, Calif., an anti-virus company that distributes software that disinfects PCs and networks.

The current outbreak is transmitted primarily through Microsoft’s Outlook, an e-mail and scheduling program widely used in businesses. The virus is hidden in e-mail messages with “ILOVEYOU” in the subject line.

And the virus is apparently proliferating more quickly than Melissa. That virus accessed only the first 50 addresses in each personal computer’s address book. But once the Love Bug infects a computer, the virus is forwarded automatically to every address there, often pushing the virus to thousands of other computers.

“I’ve never seen a virus climb this way,” said Perry, whose own company’s computers were initially infected.

Such virus attacks will continue in the future despite improvements in the tools to fight them, experts said. The open nature of the Internet--designed to make the transfer of e-mail and data files easy--ensures that.

“As the [network] systems become more functional and complex, so the attacks will become more functional and complex,” said David Chess, a computer virus researcher with IBM. “It’s an arms race.”

In addition to spreading via e-mail, the Love Bug can be transmitted across a company’s entire network or via Internet relay chat, a common method for Internet chat.

ILoveYou can also spread into Microsoft’s Internet Explorer Web browser, surreptitiously directing users to one of several Web pages, apparently set up by the hacker, which then download destructive software to the victim’s PC, according to security experts.

And the virus has been transmitted by other names, “Very Funny,” and “Check This,” in e-mails with the heading “Joke.”

“No previous virus has used all of these techniques at once,” Chess said.

Some analysts estimate that the episode has already cost many millions of dollars in lost productivity.

Although commonly referred to as a virus, ILoveYou is technically a “worm” in computer parlance. A virus is a set of computer instructions that attaches to a program or computer file, and a worm is a self-contained and often destructive program in its own right.

Although ILoveYou is malicious and technically well-designed, it relies on the linchpin of many successful hacking episodes: human gullibility. People activate the virus only after clicking on a file inside an e-mail. Millions of users apparently found the appeal of a love note too enticing to resist, even if it came from someone they didn’t know.

Microsoft said the Love Bug’s creator probably targeted the company’s software because it is so widely used. But experts also suggested that Microsoft’s Windows operating system represents an easy target for Internet vandals.

“Windows is too trusting for a heavily networked environment,” Chess said. “It assumes that anything you click on has your approval to run.”

Auto maker Ford found the first signs of the virus in Europe, and by early Thursday the company had shut down its e-mail system worldwide and alerted 125,000 employees.

Smaller companies were also hammered.

“Someone at headquarters got the virus and it apparently wiped out some of our artwork files, and we haven’t had e-mail for several hours now,” said Christina Soletti, who works in the Los Angeles office of New York-based public relations firm Kratz & Jensen. “It’s kind of a nightmare. . . . You realize how much you depend on e-mail when the server is down.”

Data Mechanix in Irvine, a data recovery consultancy, received nearly 100 calls from companies desperate for help to retrieve audio and video files destroyed by the virus, company President Craig Rager said.

The virus also swept through government agencies.

NASA reported that at least four of its 10 space and research centers were infested. The Johnson Space Center in Houston and the Kennedy Space Center in Florida were forced to shut down their e-mail systems.

But many companies were able to limit the contagion by contacting employees before they could activate the Love Bug. Many also used security software to filter the virus messages out of the e-mail system before they reached users.

The staff at BeFree Inc. in Culver City walked into work and faced a bombardment of infected e-mail, along with strict orders from management to be cautious when using Microsoft Outlook.

“I got 38 [messages] myself,” said Bradley Allen, vice president of advanced technology for the Web marketing firm. “We were lucky because the people in our [information technology] team are on the East Coast, and they were reacting to this before any of us were awake.”

Preparation is critical in responding to virus attacks, experts said, but too few companies are ready even after last year’s Melissa experience.

“If you had a well-rehearsed security incident response team, you got this under control fast,” said Mike Zboray, an analyst with GartnerGroup, a technology research firm. Otherwise, he said, “it’s like a fire drill with kindergarten kids.”

The virus attack violates federal law and carries a penalty of up to five years in prison for each count.

After the Melissa attack, it took authorities little more than a week last spring to track down the 30-year-old computer programmer who created it. The programmer, David L. Smith, pleaded guilty in New Jersey state court in December.

Authorities were aided in that case by clues found in the virus itself. Security experts found a tiny message in the code thanking “Codebrakers.org,” where some of the code used to write Melissa had apparently been posted. They also took advantage of a unique identification number stamped into the virus by Microsoft software.

Whether similar success might be achieved in the Love Bug case depends partly on how much finesse the attacker used to cover his electronic tracks.

The Love Bug has already proved to be a major headache, but the ingredients for a more powerful software virus already exist and could be delivered via e-mail.

For example, a virus called “Bubbleboy” was found last year to have the ability to proliferate via e-mail without the message even being opened by the recipient, an insidious twist not present in the Melissa or ILoveYou viruses. In that case, security experts caught the virus before it became widespread.

“One of these days, the virus will have a destructive payload: It will erase all your data,” said Richard Power, editorial director of the Computer Security Institute, a research firm.

He added: “The problem’s only going to get more acute, and the solution will not be solely technological. You have to educate your users better about good hygiene in cyberspace.”

*

Times staff writers Elizabeth Douglass, P.J. Huffstutter, Robin Fields and Daryl Strickland contributed to this report.

*

FIGHTING A VIRUS

Common sense is the best defense, the experts say. C3

(BEGIN TEXT OF INFOBOX / INFOGRAPHIC)

Love Hurts

A new software virus, disguised in an e-mail with an amorous message, spread around the globe Thursday, crippling corporate and government computer networks. Here is how one computer security company explained its rapid and efficient infection process.

*

Like a chain letter bearing a bomb, the LoveLetter virus spreads primarily through the Windows-based e-mail application Outlook.

*

The virus invades when the attachment to an e-mail entitled “ILOVEYOU” is opened. It installs itself in the computer’s system to launch when the machine is restarted.

*

The virus spreads by mailing itself to everyone in the user’s e-mail address book. Internet chat software, such as ICQ, also delivers the virus.

*

LoveLetter does its damage by over-writing certain types of files, like pictures (jpg files) and music (mp3 files). It deletes them and leaves infected copies in their place.

*

It also uses Internet Explorer’s home page to try and download a program that will steal passwords and mail them to an e-mail address in the Philippines.

*

Source: F-Secure Corporation
