Virus posing as a "virus ALERT!!!"


NATIONAL NEWS

Love bug begets tribe of insidious offspring

By PAUL HEINRICHS and BRENDAN NICHOLSON

Sunday 7 May 2000

The "ILOVEYOU" virus hit 45 million users and was estimated to cost $US1 billion in computer damage and downtime.

Australian companies and governments will face another maximum-alert tomorrow morning to deal with variations of the rampant "love bug" e-mail virus that crippled world communications on Friday.

The flashpoint will occur when several million office workers decide whether to open e-mail that may contain as many as 10 variations of the "ILOVEYOU" virus that hit 45 million users and was estimated to cost $US1 billion in computer damage and downtime.

Top-secret installations at the Pentagon and the State Department came under attack from the variants, which include the so-called Mother's Day virus and even an insidiously deceptive virus posing as a "virus ALERT!!!" message from the Symantec AntiVirus Research Centre in the US.

Symantec is warning that the "alert" is not authorised, and that it deletes .bat and .com files. The "alert" should be deleted immediately.

According to Steve Gottwals, of the US group F-Secure, the Mother's Day virus is even more destructive than Friday's bug because it can corrupt .ini, or initialisation files, preventing a computer from rebooting or starting.

All Commonwealth Government departments have warned staff returning to work after the weekend to avoid opening suspect e-mails.

The spokeswoman for Canberra's troubleshooter on communications problems, Senator Ian Campbell, said everyone using public service computer systems would be greeted with a warning about the e-mails when they next logged on. Technical staff were reminded to ensure the latest anti-viral systems were installed.

A spokesman for Treasurer Peter Costello said he was confident that Treasury officials had safeguarded Tuesday's budget material.

Meanwhile, Philippine crime busters and Internet service providers say they have identified a 23-year-old man whom they suspect to be "spyder", author of the virus, which is believed to have originated in Manila.

Almer Mallari, an agent of the anti-fraud unit of the Philippine National Bureau of Investigation (NBI), said: "We have a suspect. We are working on the leads." Jose Carlotta, chief operating officer of Internet service provider Access Net Inc, was quoted in The Philippine Star newspaper saying that a comparison of notes by providers had reduced the suspects to a 23-year-old man living in the lower-middle-class district of Pandacan in Manila.

A message left by the virus had the words "Manila, Philippines" and "I hate to go to school" embedded, leading to speculation that the hacker was a schoolboy in the Philippines.

Access supplied spyder with the two e-mail addresses from which the virus originated.

Mr Carlotta said the person behind spyder had paid for one e-mail address with a pre-paid plastic card and acquired others by hacking, as Access had no current name and address.

Peter Tibbet, of icsa.net, in Virginia, which was used by the US Justice Department to quantify the damage caused by the similar, milder Melissa virus, said he believed the scale of losses would reach $1 billion by Monday, by which time half of all US companies would be infected.

In Britain, the Consumers' Association said 30 to 50 per cent of UK businesses were affected.

The ingenuity of the virus was that it combined a simple, effective means of spreading itself and causing damage with a deft psychological trick - it came disguised as a love letter. When IT workers tried to open the letter by clicking on it, they launched the virus.

The virus spreads by mailing itself to every e-mail address in a recipient's notebook. It overwrites picture and music files and downloads another piece of software from one of four remote websites that reads a user's secret passwords and mails them to the virus author.

Those remote websites have now been shut down. But other websites can be substituted and a new version launched to scan more passwords. That is what happened yesterday, with at least three other versions of the ILOVEYOU virus emerging.

One, "Very Funny", masquerades as a joke. Another purports to be an e-mail about Mother's Day. A third is called "Susitikim", which means "let's meet" in Lithuanian.

Pierre Vandeveune, of the Belgian firm Datarescue, asked why it was that in Microsoft's e-mail application Outlook Express a single click by a naive user was all it took to launch an alien program that could mess up the entire computer.

"The problem with Microsoft is that all the pieces link together too well. The system works so well you don't think about it; you just click, and this virus can e-mail your password outside," said Mr Vandeveune.

- With agencies and GUARDIAN

http://www.theage.com.au/news/20000507/A45890-2000May6.html

-- Martin Thompson (mthom1927@aol.com), May 06, 2000

