A good rule of thumb is that if it looks suspicious, delete it without opening it

From Diana J. Choyce
May 08 - 21, 2000

The newest virus to hit computers came out last week and wreaked havoc in many places. It struck systems that send and receive unclassified email all over the world. The virus creates a replication chain that sends itself to every address in the users email address book. This causes systemwide failures by overwhelming the email servers. In the States both the Army and the Navy had to shut down their email systems. And other armed services either had their systems affected by the virus or had to shut down to avoid. This included the Secretary of Defense. "We have found absolutely no evidence that this has infected any classified computer networks," he said. Such systems aren't linked to the global Internet. Military personnel throughout the chain of command today were alerted to the virus, urged to set up filters in their e-mail systems and issued instructions for eradicating the virus. "We are urging all our people to avoid any contact, intimate or otherwise, with the "love bug" virus," Bacon quipped. Pentagon computer experts worked intensively with the software manufacturers McAfee and Symantec and others to come up with vaccines against the virus, he said. Still, it's clear that message didn't reach everyone in time. "I've had about 40 of them this morning,"said Bacon. A daily Pentagon service that distributes news clippings passed the virus widely throughout the military. He suggested the virus hadn't slowed down communications too significantly. "I don't believe this has had a major impact. At least none has been reported to me. We may not have a full assessment yet of what the impact has been. Our next step will be to use this opportunity as a way to sharpen our defenses against new viruses that might come out in the next months," he said.

Experts believe the virus was created in Manila where it affected systems of the Philippine banks, universities and e-commerce businesses. The subject line of the e-mail expresses a universal concept and greets users with a fairly universal phrase "ILOVEYOU." The message inside reads: "kindly check the attached LOVELETTER coming from me." If an attachment contained in the e-mail is opened, the virus rapidly proliferates by automatically sending copies to everyone listed in a user's e-mail address book. That, experts say, has rapidly overloaded e-mail servers around the world, slowing them down, or stopping them, and preventing other e-mail from being sent. "Companies have been blitzed by this thing and are switching off e-mail systems," says Graham Cluley, who heads corporate communications at the computer security company Sophos Anti-Virus. "We've had calls from all around the globe this morning. Viruses don't discriminate." In Asia the virus took down the computers at the Dow Jones's newswire service and also affected the Asian Wallstreet Journal. Both business had no problem with their publishing although the virus took out their email. In Britain, the virus infected the House of Commons and thousands of other businesses. "This means that no member can receive e-mails from outside, nor indeed can we communicate with each other by e-mail," she said. By mid-afternoon, an estimated 30 percent of British companies' e-mail systems were affected, according to U.K. government sources. Among those hit were telecommunications giants British Telecom, ATT, and Cable and Wireless in London, as well as numerous media organizations including the BBC, law firms, and banks, including Barclays. "The cost could easily run in the tens of millions of pounds in the U.K. alone," said a spokesman for Lloyd's of London insurers. "One of the reasons why this virus is so popular is because it makes a tug on your emotions," says Cluley, of Sophos Anti-Virus. "Everyone is largely driven by their loins and, well, love can get you in trouble."

But he notes, "Countries that don't use English might not be as affected, because the virus communicates through an e-mail that tells you in English to open it." Nevertheless, countries whose first language isn't English haven't quite dodged cupid's poison arrows. The Swedish government today reported 80 percent of Swedish e-mail companies were down. Companies in Denmark, Norway, the Netherlands and Switzerland were also hit. The virus also swept the Baltics. Estonia reported businesses, banks, a heating utility, and even President Lennart Meri's office were hit. "It's been a big nuisance," said Linnar Viik, Internet technology adviser for Estonia's Prime Minister Mart Laar. "It is the most widespread virus incident ever. This is two or three times more widespread than Melissa and more destructive than Melissa as it deletes files from your system," Mikko Hypponen, manager of anti-virus research at Finland's security software services group F-Secure Corp., told Reuters. Few, if any, problems were reported in Japan, where many of the largest companies are shut down for holidays. Sources at NHK, the government-funded public broadcasting system, report no problems there. No major problems were reported in China, either, by early Friday morning.

No one knows who wrote the virus, but experts are already speculating. Eric Chien of Symantec suspects the virus was written by a student, probably 14 to 28 years old and probably male as well. "He seemed to just write it because he was bored. He probably has no idea he'd cause so much chaos," Chien said, citing code within the virus and past experience with virus writers. Two lines within the virus identify the author as "Spyder," part of the "@GRAMMERsoft Group" from Manila, Philippines. They say: "I hate go to school." The author also offers his opinion of his work: "simple but I think this is good". "The group name is not familiar," said security consultant Brian Martin. "Spyder" is a common name in the electronic underground, but the virus contains an e-mail address that should help track him, Martin said. As security experts have been saying all along, be very careful about opening email attachments. A good rule of thumb is that if it looks suspicious, simply delete it without opening it. And make sure your email is NOT set to automatically opens attachments.