THE AGE
Love bug begets tribe of insidious offspring
By PAUL HEINRICHS and BRENDAN NICHOLSON
Sunday 7 May 2000
Australian companies and governments will face another
maximum-alert tomorrow morning to deal with variations of
the rampant "love bug" e-mail virus that crippled world
communications on Friday.
The flashpoint will occur when several million office workers
decide whether to open e-mail that may contain as many as
10 variations of the "ILOVEYOU" virus that hit 45 million
users and was estimated to cost $US1 billion in computer
damage and downtime.
Top-secret installations at the Pentagon and the State
Department came under attack from the variants, which
include the so-called Mother's Day virus and even an
insidiously deceptive virus posing as a "virus ALERT!!!"
message from the Symantec AntiVirus Research Centre in the
US.
Symantec is warning that the "alert" is not authorised, and that it
deletes .bat and .com
files. The "alert" should be deleted immediately.
According to Steve Gottwals, of the US group F-Secure, the Mother's Day
virus is
even more destructive than Friday's bug because it can corrupt .ini, or
initialisation
files, preventing a computer from rebooting or starting.
All Commonwealth Government departments have warned staff returning to
work
after the weekend to avoid opening suspect e-mails.
The spokeswoman for Canberra's troubleshooter on communications
problems,
Senator Ian Campbell, said everyone using public service computer
systems would be
greeted with a warning about the e-mails when they next logged on.
Technical staff
were reminded to ensure the latest anti-viral systems were installed.
A spokesman for Treasurer Peter Costello said he was confident that
Treasury
officials had safeguarded Tuesday's budget material.
Meanwhile, Philippine crime busters and Internet service providers say
they have
identified a 23-year-old man whom they suspect to be "spyder", author of
the virus,
which is believed to have originated in Manila.
Almer Mallari, an agent of the anti-fraud unit of the Philippine
National Bureau of
Investigation (NBI), said: "We have a suspect. We are working on the
leads." Jose
Carlotta, chief operating officer of Internet service provider Access
Net Inc, was
quoted in The Philippine Star newspaper saying that a comparison of
notes by
providers had reduced the suspects to a 23-year-old man living in the
lower-middle-class district of Pandacan in Manila.
A message left by the virus had the words "Manila, Philippines" and "I
hate to go to
school" embedded, leading to speculation that the hacker was a schoolboy
in the
Philippines.
Access supplied spyder with the two e-mail addresses from which the
virus originated.
Mr Carlotta said the person behind spyder had paid for one e-mail
address with a
pre-paid plastic card and acquired others by hacking, as Access had no
current name
and address.
Peter Tibbet, of icsa.net, in Virginia, which was used by the US Justice
Department to
quantify the damage caused by the similar, milder Melissa virus, said he
believed the
scale of losses would reach $1billion by Monday, by which time half of
all US
companies would be infected.
In Britain, the Consumers' Association said 30 to 50 per cent of UK
businesses were
affected.
The ingenuity of the virus was that it combined a simple, effective
means of spreading
itself and causing damage with a deft psychological trick - it came
disguised as a love
letter. When IT workers tried to open the letter by clicking on it, they
launched the
virus.
The virus spreads by mailing itself to every e-mail address in a
recipient's notebook, it
overwrites picture and music files and downloads another piece of
software from one
of four remote websites that reads a user's secret passwords and mails
them to the
virus author.
Those remote websites have now been shut down. But other websites can be
substituted and a new version launched to scan more passwords. That is
what
happened yesterday, with at least three other versions of the ILOVEYOU
virus
emerging.
One, "Very Funny", masquerades as a joke. Another purports to be an
e-mail about
Mother's Day. A third is called "Susitikim", which means "let's meet" in
Lithuanian.
Pierre Vandeveune, of the Belgian firm Datarescue, asked why it was that
in
Microsoft's e-mail application Outlook Express a single click by a naive
user was all it
took to launch an alien program that could mess up the entire computer.
"The problem with Microsoft is that all the pieces link together too
well. The system
works so well you don't think about it; you just click, and this virus
can e-mail your
password outside," said Mr Vandeveune.
- With agencies and GUARDIAN
--
_________________________________
Truth is a pathless land. --- Krishnamurti
-------------------------------------------------
------------------------------------------------------
RecOzNet2 has a page @ http://www.green.net.au/recoznet2 and is archived at
http://www.mail-archive.com/
To unsubscribe from this list, mail [EMAIL PROTECTED], and in the body
of the message, include the words: unsubscribe announce or click here
mailto:[EMAIL PROTECTED]?Body=unsubscribe%20announce
This posting is provided to the individual members of this group without permission
from the
copyright owner for purposes of criticism, comment, scholarship and research under
the "fair
use" provisions of the Federal copyright laws and it may not be distributed further
without
permission of the copyright owner, except for "fair use."
RecOzNet2 is archived for members @
http://www.mail-archive.com/recoznet2%40paradigm4.com.au/
