Fast-Moving Virus Hits Computers Worldwide
One of the most disruptive computer viruses in history, dubbed “ILoveYou” and the “Love Bug” and reportedly launched from the Philippines, raced across the Internet on Wednesday and Thursday. It affected millions of computers in about two dozen countries and caused untold millions of dollars in damage in lost productivity.
The Justice Department said the FBI had launched a sweeping investigation of the attack, even as some government officials were coping with the virus themselves.
Unlike last year’s Melissa virus, which penetrated millions of computers and caused about $300 million in damage, the Love Bug is spreading faster and can destroy a wide variety of computer files.
The Love Bug, spread primarily through e-mail, kills or hides eight kinds of files, including pictures, graphics and music, such as the popular MP3 format. It replaces those files with similarly named impostors that, when launched, begin the virus propagation anew.
Thousands of companies were apparently affected, including AT&T; Corp., Microsoft Corp., Time Warner Inc., Southern California Edison Co., Merrill Lynch & Co. and Ford Motor Co. Many firms had to shut down their e-mail systems.
Among government offices hit were the Pentagon, the CIA, NASA and the British House of Commons.
Law enforcement sources said they were following some early leads.
Early indications that the virus originated in Asia would not affect the direction of the investigation, said Chris Painter, deputy chief of the Justice Department’s computer crimes section.
Millions of computers have probably already been infected by the Love Bug, said David Perry, an executive with Trend Micro in Cupertino, Calif., an antivirus company that distributes software for disinfecting PCs and networks.
The current outbreak is transmitted primarily through Microsoft’s Outlook, an e-mail and scheduling program widely used in businesses. And the virus is apparently proliferating more quickly than Melissa. That virus accessed only the first 50 addresses in each personal computer’s address book. But once the Love Bug infects a computer, the virus is forwarded automatically to every address there, often pushing the virus to thousands of other computers.
“It’s similar to Melissa, but a lot worse,” said Craig Rager, president of hard-drive data recovery firm Data Mechanix in Irvine. “It seems to be propagating better, capturing passwords and e-mailing them out.”
Rager’s company handled nearly 100 calls from companies desperate for help retrieving files destroyed by the virus, Rager said. The virus left databases alone, but attacked audio and video files, they reported.
Such virus attacks will continue in the future despite improvements in the tools to fight them, experts said. The open nature of the Internet--designed to make the transfer of e-mail and data files easy--ensures that.
“As the [network] systems become more functional and complex, so the attacks will become more functional and complex,” said David Chess, a computer virus researcher with IBM. “It’s an arms race.”
In addition to spreading via e-mail, the Love Bug can be transmitted across a company’s entire network or via Internet relay chat, a common method for Internet chat.
ILoveYou can also spread into Microsoft’s Internet Explorer Web browser, surreptitiously directing users to one of several Web pages, apparently set up by the hacker, which then download destructive software to the victim’s PC.
And the virus has been transmitted by other names, “Very Funny,” and “Check This,” in e-mails with the heading “Joke.”
“No previous virus has used all of these techniques at once,” Chess said.
Although commonly referred to as a virus, ILoveYou is technically a “worm” in computer parlance. A virus is a set of computer instructions that attaches to a program or computer file, and a worm is a self-contained and often destructive program in its own right.
Although ILoveYou is malicious and technically well-designed, it relies on the linchpin of many successful hacking episodes: human gullibility. People activate the virus only after clicking on a file inside an e-mail. Millions of users apparently found the appeal of a love note too enticing to resist, even if it came from someone they didn’t know.
Microsoft said the Love Bug’s creator probably targeted the company’s software because it is so widely used. But experts also suggested that Microsoft’s Windows operating system represents an easy target for Internet vandals.
“Windows is too trusting for a heavily networked environment,” Chess said. “It assumes that anything you click on has your approval to run.”
Auto maker Ford found the first signs of the virus in Europe, and by early Thursday the company had shut down its e-mail system worldwide and alerted 125,000 employees.
“It naturally is delaying some work, but nothing crucial,” said Bob Tarlton, a Ford spokesman in Anaheim. “We’re using the phone a lot more today than we had been.”
Smaller companies were also hammered.
The chief technical officer at Rainbow Technologies Inc., an Internet security firm in Irvine, received about 50 ILoveYou messages, even after the company was warned early Thursday about the virus by its French office. The company shut its computer system down all day to clean it out.
“It is ironic that we are a manufacturer of a product that can protect against this kind of thing, and we hadn’t fully implemented it,” said Robert Shields, Rainbow’s director of strategic marketing.
Smaller companies were also hammered.
NASA, meanwhile, reported that at least four of its 10 space and research centers were infested. The Johnson Space Center in Houston and the Kennedy Space Center in Florida were forced to shut down their e-mail systems.
But many companies were able to limit the contagion by contacting employees before they could activate the Love Bug. Many also used security software to filter the virus messages out of the e-mail system before they reached users.
The staff at BeFree Inc. in Culver City walked into work and faced a bombardment of infected e-mail, along with strict orders from management to be cautious when using Microsoft Outlook.
“I got 38 [messages] myself,” said Bradley Allen, vice president of advanced technology for the Web marketing firm. “We were lucky because the people in our [information technology] team are on the East Coast, and they were reacting to this before any of us were awake.”
The virus represented another reminder.
Preparation is critical in responding to virus attacks, experts said, but too few companies are ready even after last year’s Melissa experience.
“If you had a well-rehearsed security incident response team, you got this under control fast,” said Mike Zboray, an analyst with GartnerGroup, a technology research firm. Otherwise, he said, “it’s like a fire drill with kindergarten kids.”
The virus attack violates federal law and carries a penalty of up to five years in prison for each count.
After the Melissa attack last spring, it took authorities little more than a week last spring to track down the 30-year-old computer programmer who was the virus’ creator. The programmer, David L. Smith, pleaded guilty in New Jersey state court in December.
Authorities were aided in that case by clues found in the virus itself. They also took advantage of a unique identification number stamped into the virus by Microsoft software.
Whether similar success might be achieved in the Love Bug case depends partly on how much finesse the attacker used to cover his electronic tracks.
The Love Bug has already proved to be an major headache, but the ingredients for a more powerful software virus already exist.
For example, a virus called “Bubbleboy” was found last year to have the ability to proliferate via e-mail without the message even being opened by the recipient, an insidious twist not present in the Melissa or ILoveYou viruses. In that case, security experts caught the virus before it became widespread.
“One of these days, the virus will have a destructive payload: It will erase all your data,” said Richard Power, editorial director of the Computer Security Institute, a research firm.
Times staff writers Elizabeth Douglass, P.J. Huffstutter, Robin Fields, Daryl Strickland and Karen Alexander contributed to this report.
(BEGIN TEXT OF INFOBOX / INFOGRAPHIC)
A new software virus, disguised in an e-mail with an amorous message, spread around the globe Thursday, crippling corporate and government computer networks. Here is how one computer security company explained its rapid and efficient infection process.
Like a chain letter bearing a bomb, the LoveLetter virus spreads primarily through the Windows-based e-mail application Outlook.
The virus invades when the attachment to an e-mail entitled “ILOVEYOU” is opened. It installs itself in the comp-uter’s system to launch when the machine is restarted.
The virus spreads by mailing itself to everyone in the user’s e-mail address book. Internet chat software, such as ICQ, also delivers the virus.
LoveLetter does its damage by over-writing certain types of files, like pictures (jpg files) and music (mp3 files). It deletes them and leaves infected copies in their place.
It also uses Internet Explorer’s home page to try and download a program that will steal passwords and mail them to an e-mail address in the Philippines.
Source: F-Secure Corporation