Friday May 19 8:21 AM ET New 'Love Bug' Virus Threatens Computers

By Dan Lalor

LONDON (Reuters) - Software security firms warned computer users on Friday to guard against a new, potentially more destructive strain of the 'Love Bug' virus that swept the world earlier this month.

But while experts said several thousand computers had been infected by the new e-mail virus, hopes were growing it may not spread as widely as the first Love Bug did because firms have updated security since.

This second threat to the world's computer network in a matter of weeks may finally prompt concerted government action to fight a crime that ignores national borders and which is covered by few international treaties.

Germany's interior minister, Otto Schily, said: ``The new virus attack shows that such threats are not technical games but rather criminal actions which must be met with early countermeasures.''

The new virus causes greater damage than the original because it wipes files clean and tries to hide by constantly changing its appearance, said Eric Chien, chief research manager for U.S. computer security firm Symantec Corp.

But because firms have generally been on greater alert ''this is not nearly as bad as the earlier one,'' Finnish software security firm F-Secure Chief Executive Risto Siilasmaa told Reuters.

``It may grow more intense, but it will probably not be nearly as bad as the original...it would have spread more rapidly from the beginning.''

Nevertheless, Simon Perry, vice president of security solutions at U.S.-based Computer Associates warned that ``with destructive payloads inside this version, the stakes and costs are much higher than before.''

Perry said the virus renamed all files on a computer's local hard drive and associated network drives with a VBS (visual basic script) extension and set the file size to zero -- effectively making the computer's system and network inoperable.

Vbs Extension Important

Alan Stevens, head of digital services at Britain's Consumers Association, said the VBS extension was key to recognizing and eliminating the virus.

``You would not normally expect someone to send you an e-mail with a VBS extension. They are unusual, so they should be a dead giveaway to someone who knows what they are doing.''

The virus, which targets users of Microsoft's Outlook program, arrives with ``FW:'' in the subject line. This is not that unusual in itself, simply signifying the message has been forwarded from elsewhere. The virulent VBS extension is contained in the body of the e-mail.

Once opened, the virus will send itself to everyone in the recipient's Outlook address book, just as Love Bug did, but the attached file name may change each time a new e-mail is sent. The Love Bug virus mainly carried the message: ``I love you.''

Symantec's Chien said the new bug was ``more nasty'' than Love Bug because ``it is highly polymorphic...it changes the way it looks every time.''

He rated its current spread as ``medium'' but gave it a ''high'' rating for its potential to replicate further.

Symantec clients in Europe and Israel had been affected, but the main impact was on North American clients, Chien said.

Raimund Genes, managing director of Trend Micro, a German messaging and Internet access provider, said the impact of the virus would vary among computers because it was mutating.

``Some computers will still work but send out the virus,'' he said, while others will become inoperable.

Best Advice: Beware Vbs

Computer users were advised to filter for e-mails with the word ``FW'' along with an attachment with a .VBS extension.

Then, any e-mail attachments with a VBS extension should be treated with caution, Stevens at the Consumers Association said. ``The normal rules apply. Make sure all files are backed up and be cautious with the unusual.''

Chien at Symantec said his company was having to write new code to send to clients, whereas the solution to Love Bug had been more of a ready-made job.

The original Love Bug virus crippled computers worldwide, including some at the U.S. Pentagon, and is estimated to have cost $7 billion in damage. A Philippine computer school dropout is under investigation for spreading the cyber-worm.

Governments In Action

Attempts to establish some sort of global effort to tackle cybercrime have tended to quickly become mired amid the niceties of international law and regional jealousies, but something has been happening.

The Council of Europe is drafting an international convention to fight hackers, virus writers and fraudsters who steal credit card numbers or defraud online consumers, although it will not be ready for signing before September 2001.

http://dailynews.yahoo.com/h/nm/20000519/ts/virus_security_1.html

-- Martin Thompson (mthom1927@aol.com), May 19, 2000

Answers

May 19, 2000 - 09:18 AM

New Bug Loose in Computers, but Not Spreading Rapidly Yet, Experts Say By Peter Svensson The Associated Press

NEW YORK (AP) - A new computer virus, said to be both smarter and more destructive than the worldwide "Love Bug" plague that inspired it, has surfaced but was not spreading rapidly today, according to Internet bug watchers. The CERT Coordination Center, a government-chartered computer emergency team at Carnegie Mellon University in Pittsburgh, reported that as of 8 a.m. EDT, it had "received no direct reports of infections related to this virus."

The virus was detected at several large companies late Thursday, said Dave Perry, spokesman for anti-virus software maker Trend Micro Inc., based in Cupertino, Calif. At one company, 5,000 computers were infected, he said. He would not identify any of the companies affected.

While the "Love Bug" was given away by the "ILOVEYOU" subject line of the e-mails that carried it, the new virus changes subject lines every time it is sent. Also, it destroys most of the files on the computers it infects, causing potentially catastrophic losses of data.

"Each time the virus spreads, it mutates itself to evade detection," Symantec Corp., another Cupertino-based anti-virus software maker, said in a statement.

The subject line of an infected e-mail starts with "FW: " and includes the name of a randomly chosen attachment from a previous e- mail on an infected computer. The e-mail will have an attachment with the same name, but ending in ".vbs."

Clicking on the attachment will activate the virus. Like "Love Bug," it will send itself to everyone in the user's address book. It will then overwrite most files on the hard drive, rendering the computer useless until the operating system is reinstalled.

So far, Microsoft's Outlook is the only e-mail program the virus is attacking, said Anita Chen, a spokeswoman for Trend Micro. Microsoft has said it will next week make available a modification to Outlook that will warn users about suspect e-mail attachments.

The size of the virus's attachments are more likely to crash e-mail servers, experts said. The "Love Bug" had a small attachment, but crashed e-mail servers all over the world when it sent millions of copies of itself through the systems at once.

The "Love Bug" spread like an avalanche to millions of computers two weeks ago. Estimates of the damages caused range up to $10 billion, and investigators have questioned several people in the Philippines during the search for the author.

The relatively simple "Love Bug" virus was followed some hours later by slightly modified variants, posing as jokes or confirmations on Mother's Day gifts. None of the variants were very widespread.

Trend Micro's Perry said he hoped that increased awareness among e- mail users would hold back the spread of the new virus.

"Any time a virus hits a week after another virus, its potency is diminished," he said. "People tend to be a little more cautious."

---

On the Net:

Trend Micro: http://www.antivirus.com

Symantec: http://www.symantec.com

Microsoft Office Update: http://officeupdate.microsoft.com

CERT Coordination Center, a government-chartered computer security team: http://www.cert.org

National Infrastructure Protection Center at http://www.nipc.gov

http://ap.tbo.com/ap/breaking/MGIBEMEUF8C.html

-- Martin Thompson (mthom1927@aol.com), May 19, 2000.

New 'Love Bug' Virus May Be Most Damaging Yet

Compiled from News Services Friday, May 19, 2000; 9:47 AM

A new computer virus, said to be both smarter and more destructive than the worldwide "Love Bug" plague that inspired it, has surfaced but was not spreading rapidly today, according to Internet bug watchers.

The FBIs top cyber investigator says the latest e-mail virus appears to have originated in the U.S. Michael Vatis says federal investigators first got word early this morning, and began sending out alerts at around 2 a.m. EDT. Vatis says its unclear how widespread the virus is. He says its more sinister than the Love Bug virus because it changes subject lines each time its resent, making it harder to protect against.

The CERT Coordination Center, a government-chartered computer emergency team at Carnegie Mellon University, reported that as of 8 a.m. EDT, it had "received no direct reports of infections related to this virus."

While the "Love Bug" was given away by the "ILOVEYOU" subject line of the e-mails that carried it, the new virus changes subject lines every time it is sent. It also destroys most of the files on the computers it infects.

"Each time the virus spreads, it mutates itself to evade detection," according to Symantec Corp., an anti-virus software maker in Cupertino, Calif.

The subject line of an infected e-mail starts with "FW: " and includes the name of a randomly chosen attachment from a previous e- mail on an infected computer. The e-mail will have an attachment with the same name, but ending in ".vbs."

Clicking on the attachment will activate the virus. Like "Love Bug," it will send itself to everyone in the user's address book. It will then overwrite most files on the hard drive, rendering the computer useless until the operating system is reinstalled.

Alan Stevens, head of digital services at Britain's Consumers Association, said the VBS extension was key to recognizing and eliminating the virus.

"You would not normally expect someone to send you an e-mail with a VBS extension. They are unusual, so they should be a dead giveaway to someone who knows what they are doing."

Simon Perry, vice president of security solutions at U.S.-based Computer Associates said the virus renamed all files on a computer's local hard drive and associated network drives with a VBS (visual basic script) extension and set the file size to zero -- effectively making the computer's system and network inoperable.

The size of the virus's attachments are more likely to crash e-mail servers, experts said. The "Love Bug" had a small attachment, but crashed e-mail servers all over the world when it sent millions of copies of itself through the systems at once.

So far, Microsoft's Outlook is the only e-mail program the virus is attacking, said Anita Chen, a spokeswoman for Trend Micro. Microsoft has said it will next week make available a modification to Outlook that will warn users about suspect e-mail attachments.

The virus was detected at several large companies late Thursday, said Dave Perry, spokesman for another anti-virus software maker, Trend Micro Inc. in Cupertino. At one company, 5,000 computers were infected, said Perry, who would not identify any of the companies affected.

The "Love Bug" spread like an avalanche to millions of computers two weeks ago. Estimates of the damages caused range up to $10 billion, and investigators have questioned several people in the Philippines during the search for the author.

The relatively simple "Love Bug" virus was followed some hours later by slightly modified variants, posing as jokes or confirmations on Mother's Day gifts. None of the variants were very widespread.

Trend Micro's Perry said he hoped that increased awareness among e- mail users would hold back the spread of the new virus.

"Any time a virus hits a week after another virus, its potency is diminished," he said. "People tend to be a little more cautious."

This second threat to the world's computer network in a matter of weeks may finally prompt concerted government action to fight a crime that ignores national borders and which is covered by few international treaties.

Germany's interior minister, Otto Schily, said: "The new virus attack shows that such threats are not technical games but rather criminal actions which must be met with early countermeasures."

http://www.washingtonpost.com/wp-dyn/articles/A31573-2000May19.html

-- Martin Thompson (mthom1927@aol.com), May 19, 2000.

Thank you for this information Martin!

-- (Dee360Degree@aol.com), May 19, 2000.