A good rule of thumb is that if
it looks suspicious, delete it without opening it
From Diana J. Choyce
May 08 - 21, 2000
The newest virus to hit computers came out last week and wreaked havoc
in many places. It struck systems that send and receive unclassified email all over the
world. The virus creates a replication chain that sends itself to every address in the
user's email address book. This causes systemwide failures by overwhelming the email
servers. In the States both the Army and the Navy had to shut down their email systems,
and other armed services either had their systems affected by the virus or had to shut
down to avoid it. This included the Secretary of Defense. "We have found absolutely no
evidence that this has infected any classified computer networks," he said. Such
systems aren't linked to the global Internet. Military personnel throughout the chain of
command today were alerted to the virus, urged to set up filters in their e-mail systems
and issued instructions for eradicating the virus. "We are urging all our people to
avoid any contact, intimate or otherwise, with the 'love bug' virus," Bacon
quipped. Pentagon computer experts worked intensively with the software manufacturers
McAfee and Symantec and others to come up with vaccines against the virus, he said. Still,
it's clear that message didn't reach everyone in time. "I've had about 40 of them
this morning," said Bacon. A daily Pentagon service that distributes news clippings
passed the virus widely throughout the military. He suggested the virus hadn't slowed down
communications too significantly. "I don't believe this has had a major impact. At
least none has been reported to me. We may not have a full assessment yet of what the
impact has been. Our next step will be to use this opportunity as a way to sharpen our
defenses against new viruses that might come out in the next months," he said.
Experts believe the virus was created in Manila where it affected
systems of the Philippine banks, universities and e-commerce businesses. The subject line
of the e-mail expresses a universal concept and greets users with a fairly universal
phrase "ILOVEYOU." The message inside reads: "kindly check the attached
LOVELETTER coming from me." If an attachment contained in the e-mail is opened, the
virus rapidly proliferates by automatically sending copies to everyone listed in a user's
e-mail address book. That, experts say, has rapidly overloaded e-mail servers around the
world, slowing them down, or stopping them, and preventing other e-mail from being sent.
"Companies have been blitzed by this thing and are switching off e-mail
systems," says Graham Cluley, who heads corporate communications at the computer
security company Sophos Anti-Virus. "We've had calls from all around the globe this
morning. Viruses don't discriminate." In Asia, the virus took down the computers at
Dow Jones's newswire service and also affected the Asian Wall Street Journal. Both
businesses had no problem with their publishing, although the virus took out their email. In
Britain, the virus infected the House of Commons and thousands of other businesses.
"This means that no member can receive e-mails from outside, nor indeed can we
communicate with each other by e-mail," she said. By mid-afternoon, an estimated 30
percent of British companies' e-mail systems were affected, according to U.K. government
sources. Among those hit were telecommunications giants British Telecom, AT&T, and Cable
and Wireless in London, as well as numerous media organizations including the BBC, law
firms, and banks, including Barclays. "The cost could easily run in the tens of
millions of pounds in the U.K. alone," said a spokesman for Lloyd's of London
insurers. "One of the reasons why this virus is so popular is because it makes a tug
on your emotions," says Cluley, of Sophos Anti-Virus. "Everyone is largely
driven by their loins and, well, love can get you in trouble."
But he notes, "Countries that don't use English might not be as
affected, because the virus communicates through an e-mail that tells you in English to
open it." Nevertheless, countries whose first language isn't English haven't quite
dodged Cupid's poison arrows. The Swedish government today reported 80 percent of Swedish
e-mail companies were down. Companies in Denmark, Norway, the Netherlands and Switzerland
were also hit. The virus also swept the Baltics. Estonia reported businesses, banks, a
heating utility, and even President Lennart Meri's office were hit. "It's been a big
nuisance," said Linnar Viik, Internet technology adviser for Estonia's Prime Minister
Mart Laar. "It is the most widespread virus incident ever. This is two or three times
more widespread than Melissa and more destructive than Melissa as it deletes files from
your system," Mikko Hypponen, manager of anti-virus research at Finland's security
software services group F-Secure Corp., told Reuters. Few, if any, problems were reported
in Japan, where many of the largest companies are shut down for holidays. Sources at NHK,
the government-funded public broadcasting system, report no problems there. No major
problems were reported in China, either, by early Friday morning.
No one knows who wrote the virus, but experts are already speculating.
Eric Chien of Symantec suspects the virus was written by a student, probably 14 to 28
years old and probably male as well. "He seemed to just write it because he was
bored. He probably has no idea he'd cause so much chaos," Chien said, citing code
within the virus and past experience with virus writers. Two lines within the virus
identify the author as "Spyder," part of the "@GRAMMERsoft Group" from
Manila, Philippines. They say: "I hate go to school." The author also offers his
opinion of his work: "simple but I think this is good". "The group name is
not familiar," said security consultant Brian Martin. "Spyder" is a common
name in the electronic underground, but the virus contains an e-mail address that should
help track him, Martin said. As security experts have been saying all along, be very
careful about opening email attachments. A good rule of thumb is that if it looks
suspicious, simply delete it without opening it. And make sure your email is NOT set to
automatically open attachments.
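
The e-mail filters that personnel were urged to set up can be sketched as a gateway check. This is an added example, not code from the article or from any vendor named in it: it flags a message on the subject and body text quoted above and, as an assumption beyond the article, on attachment extensions commonly treated as directly executable. The sample messages, addresses and file names are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure text quoted in the article (compared case-insensitively).
SUBJECT_MARKER = "ILOVEYOU"
BODY_MARKER = "kindly check the attached loveletter coming from me"
# Assumption, not from the article: extensions a gateway might refuse because
# the desktop runs them when the attachment is opened.
RISKY_EXTENSIONS = (".vbs", ".vbe", ".js", ".wsf", ".exe", ".scr", ".bat")


def quarantine_reasons(raw):
    """Return the reasons to hold a raw message; an empty list means deliver."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_MARKER in str(msg.get("Subject", "")).upper():
        reasons.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        # Collapse whitespace so line wrapping cannot hide the phrase.
        text = " ".join(body.get_content().lower().split())
        if BODY_MARKER in text:
            reasons.append("body")
    for part in msg.iter_attachments():
        # Only the final extension counts, so "x.txt.vbs" is still a script.
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append("attachment:" + name)
    return reasons


def build_sample(subject, body, attachment_name):
    """Build a constructed test message with one placeholder attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()


if __name__ == "__main__":
    lure = build_sample("ILOVEYOU",
                        "kindly check the attached LOVELETTER coming from me.",
                        "note.txt.vbs")
    print(quarantine_reasons(lure))
```

The extension check is what still catches a copy whose subject and body have been reworded, which is why it is applied independently of the text matches.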