U.S. Role Hit as Latest Computer Bug Scare Fizzles
After a computer virus deemed more destructive than the recent “Love Bug” sprouted on the Internet late Thursday, federal officials and anti-virus firms issued global alerts to computer users to take precautions.
But the germ appeared less widespread than at first anticipated, prompting concern that the government is ill-prepared to deal with viruses, hacker attacks and other furtive phenomena increasingly emerging from the seamy side of cyberspace.
“It’s like the boy who cried wolf,” said Richard Power, editorial director of the Computer Security Institute, a research group in San Francisco. “There is a serious problem in cyberspace but hyperbole takes away from the message.”
Initial reports about the virus, dubbed NewLove.vbs or Herbie, apparently represented a single company’s alert to federal officials.
The FBI’s National Infrastructure Protection Center flew into action, contacting major businesses overnight and warning early Friday that the virus could destroy computer files and replicate itself to all the e-mail addresses listed in an infected computer user’s mailbox. Like the Love Bug two weeks ago, the new virus can be spread only via Microsoft’s Outlook e-mail product.
Atty. Gen. Janet Reno, estimating that the virus had infected only about 1,000 computers, nevertheless convened an early-morning press conference in Washington to announce that federal officials had opened an investigation into the matter and warned users not to open e-mail attachments.
“We don’t know yet exactly how widespread this is,” said Michael Vatis, director of the NIPC. “We jump on these things as quickly as we can.”
The CERT Coordination Center at Carnegie Mellon University, which tracks attacks on government and big corporate computers, reported Friday afternoon that it had “received no direct reports of infections related to this virus.” A telephone poll conducted by the Pew Internet and American Life Project in Washington and released Friday suggested that the public concern about viruses may be overstated.
Overstatements of damage--into the tens of billions of dollars--was also a problem in the Love Bug incident, said Doug Tygar, professor of computer science at UC Berkeley.
“A lot of the people quoted the most in the media have a direct economic concern in stirring up fear--namely, the antiviral software companies,” Tygar said. The often cited damages of above $10 billion “is so absurdly wrong that I cannot possibly imagine how that number can even be taken seriously.”
In most cases, the damage done by the original Love Bug, he said, “amounted to having to [restart] a computer and sometimes install a filter on an e-mail program--both relatively trivial operations.”
Indeed, a study conducted last week found that just 15% of American adults who use e-mail reported that they received an e-mail containing the original Love Bug virus and only 4% of e-mail users opened the file and infected their PCs with the virus.
Some experts, however, said the massive publicity over the NewLove virus--together with bad timing--may have been responsible for helping to keep its impact limited.
Chris Le Tocq, a technology analyst at the San Jose office of the GartnerGroup consulting firm, said that, because the NewLove virus was spotted early on, companies and computer users received ample advance warning and were able to take precautions.
Whatever the cause, the good fortune stands in contrast to the first Love Bug virus--which traveled from overseas and began circulating in the U.S. just hours before most workers arrived at their desks. Many computer users unwittingly passed the virus along to others before news about it became widespread.
Moreover, the Love Bug represented a triumph of social enticement: the “ILoveYou” heading on infected e-mails proved highly effective for millions of gullible victims, who apparently proved willing to succumb to even anonymous proclamations of affection.
The new computer virus comes only days after Microsoft issued a software patch to bolster computer users’ protection against the Love Bug virus. Like the earlier virus, the new bug exploits features of Microsoft’s popular Outlook e-mail program to replicate itself.
But because the NewLove virus doubles in size every time it is passed along, it quickly clogs the computer servers that manage company e-mail systems--offering a wake-up call to system administrators to take corrective action.
Carey Nachenberg, chief virus researcher for Symantec Corp., a vendor of anti-virus software, explained that the Love Bug was more like the flu--easy to spread quickly, but rarely fatal to a computer. In contrast, he said, the new virus “kills its host so rapidly that in some cases it stops its own spread.”
A number of experts said that while NewLove can be highly destructive, a greater danger may be exaggerated estimates of damage that might undermine the credibility of security experts.
The publicity garnered by computer viruses has already triggered outrage among some lawmakers on Capitol Hill who blame the software industry for fueling the publicity and profiting from it in terms of greater anti-virus software sales.
During a hearing of the House Science Committee’s panel on technology last week, Rep. Anthony Weiner (D-N.Y.) blasted anti-virus software firms for their alleged “utter, abject failure . . . to protect against these” viruses.
“It seems to me we’ve had a little time to figure out how to [block] this,” Weiner said. “It ain’t gonna get any easier than this. They’re not going to knock on your door with a disk and say, ‘This is going out Monday morning.’ ”
