Friday May 5
'Love Bug' Takes New Forms to Deceive Users
By Derek Caney

NEW YORK (Reuters) - Copycat variants of the ``Love Bug'' virus burrowed their way into computers systems around the world on Friday, a day after the most widespread cyber-attack ever wreaked havoc on business and government operations.

The virus, first detected in Asia on Thursday, spread rapidly, forcing network administrators to shut down electronic mail systems at major companies and penetrating the Pentagon, the Central Intelligence Agency and the British Parliament.

The new variants of the viruses take the form of Mother's Day gift notices, jokes and even anti-virus warnings.

The original virus, tagged ``ILOVEYOU,'' works by enticing e-mail recipients to open an attached letter, only to cripple their e-mail systems.

Upon opening the attachment using Microsoft software such as the Outlook program, it sends a copy of the virus to everyone in the user's address book and seeks to destroy a variety of files throughout a computer network, including picture and music files.

The latest variants on the virus is possibly the most devious of all. One e-mail message has the words ``Virus ALERT'' in the subject line and the body of the message poses as letter that starts ``Dear Symantec customer,'' said Carey Nachenberg, chief researcher at Symantec Corp.'s (NasdaqNM:SYMC - news) anti-virus research center.

The note offers the reader a false virus remedy as a file attachment. When the attached file is opened, it activates the virus, Nachenberg said.

``We have a copy of the virus already,'' Nachenberg told Reuters in an interview, noting that it has already notified customers through its Web site and provided software to fix it.

``This type of spoofing is common,'' he said. But he noted that the widespread nature of these viruses was by no means common. ``We're keeping our customers informed.'' Symantec is one of the largest makers of anti-virus software.

The other variant is a similar one with the words ''Dangerous Virus Warning'' in the subject line, researchers say, but without a reference to Symantec in the message.

In another new version of the virus designed to spoil the upcoming ``Mother's Day'' holiday that will be celebrated in the United States on May 14, a variant of LoveLetter sends e-mails that appear to be a confirmation of an electronic gift order.

Another variant appears to have originated in Lithuania, in which the subject line reads, ``Susitikem shi vakara kavos puodukui.'' In Lithuanian, the sentence translates into: ``Let's meet this evening for coffee.''

And still another has ``fwd: Joke'' in the subject line and an attached file called ``Very Funny.vbs,'' which when opened has a similar impact as the ``Love Bug.''

The Defense Department revealed on Friday it had become one of the most noteworthy victims of the virus, which contaminated at least two classified U.S. military computer systems. The problems were quickly isolated and no damage was done, a Pentagon spokesman said.

But even though the number of virus strains have increased, already infecting tens of millions of computers, companies that specialize in protecting computers from such sabotage say this latest Internet scourge is starting to abate.

``There have been maybe 10 times fewer reports (of computer virus infection) today than yesterday,'' said Sal Viveros, group manager for Network Associates' (NasdaqNM:NETA - news) Total Virus Defense. ''I think people are more aware of what to look for. They know not to open attachments from people they don't recognize.''

``We've made great strides since the outbreak early Thursday,'' Viveros said. ``By Monday, it should be pretty much under control.''

He added that more people have made an effort to get the most recent anti-virus software installed.

Nevertheless, security experts said the Love Bug was far more devastating than last year's bug named Melissa, with losses now counting in the billions of dollars from damaged data and the distractions of fighting the software scourge.

About 45 million computers around the world have been affected by various strains of the virus, according to one estimate from Computer Economics, a research firm in Carlsbad, Calif.

``We estimate $2.61 billion of damage has been done worldwide,'' said Samir Bhavnani, a research analyst with Computer Economics. ``By Wednesday, the total can reach $10 billion by Wednesday. We see damages growing by $1 billion to $1.5 billion a day until the virus is eradicated.''

Other experts said actual damage estimates would be harder to pin down.

Philippine police sources said the author of the ``Love Bug'' may be a 23-year-old man living in a Manila suburb, but computer security experts cautioned that computer hackers could write in clues to mislead investigators.

Manila police were probing the case after a request from the U.S. Federal Bureau of Investigation. A Manila Internet service provider, Supernet, had earlier said the virus appeared to have first spread from two of its e-mail accounts.

Meanwhile, in Washington, U.S. Republican Sen. Robert Bennett raised questions on Friday whether the government's top security watchdog was caught napping when the ``Love Bug'' surfaced.

The National Infrastructure Protection Center, the top U.S. cyber-cop led by the U.S. Federal Bureau of Investigation, is responsible for detecting and deterring cyber-attacks on federal computer systems.

It failed to post an alert about the ``Love Bug'' on its Web site until 11 a.m. (1500 GMT) Thursday, up to 12 hours after the harm began spreading by e-mail in Asia.

The outbreak of new variations of the virus have kept software companies on their toes. Business software maker Computer Associates International said it was relatively easy to create new strains of the virus.

``There's a potential that anyone who receives this virus can go to the Internet and (find) tools to change codes within the virus program that can give the e-mail or the attachment a new name,'' said Simon Perry, vice president for security products at Computer Associates International Inc. (NYSE:CA - news). The Islandia, N.Y.-based company supplies anti-virus programs among its range of software for big businesses.

Network Associates' Viveros said there were some attempts to change the way the viruses work, but thus far they have been unsuccessful.

The damage is limited to users of the Microsoft Windows operating system, said Gene Hodges, president of, a maker of anti-virus software and a unit of Network Associates. ''We've seen no evidence of affected users of Apple, Linux or Unix operating systems,'' he added.

More on Micorsoft Security Breaches

Back To The Study