Friday, May 05, 2000
'Love bug' disrupts Tristate computers
E-mail spread destructive virus quickly
By John J. Byczkowski
The Cincinnati Enquirer
A destructive computer virus masquerading as a love letter brought down e-mail systems and vandalized millions of computers worldwide Thursday, disrupting businesses and government and setting off a mad scramble for solutions.
Deborah Al-Uqjah, an administrator at the University of Cincinnati's Department of Management, said she made the mistake of opening the “ILOVEYOU” e-mail and launching its attachment, which overwrites files and makes other damaging changes to the computer. “It's fierce,” she said. “It took me out of commission for a whole half-day.”
|
BEATING THE BUG
|
• If you see “ILOVEYOU” in the subject line of your e-mail, do not open the attachment, “LOVE-LETTER-FOR-YOU.TXT.vbs.” Security experts at Carnegie Mellon University warn that users of Microsoft Outlook e-mail program and a product called Windows Scripting Host may activate the virus by simply previewing the message.
• Deleting the message may not be enough. Disabling active scripting in Internet Explorer and their e-mail program may help.
• Install anti-virus software, if you haven't already done so, and check with manufacturers' Web sites for any updates they may post to kill the virus.
• Network administrators should filter and delete incoming mail with “ILOVEYOU” in the subject line and “LOVE-LETTER-FOR-YOU.TXT.vbs” as an attachment name.
•
CERT Coordination Center at Carnegie Mellon University: www.cert.org
|
New variations of the virus were already circulating by Thursday night, including one disguised as a joke with an e-mail attachment reading “Very Funny.”
“Every day, our Realtors use e-mail extensively to communicate with clients, locally as well as overseas,” said Larry Fisher, Web developer at Sibcy Cline Realtors in Cincinnati. “They can't use it today because we've got it shut down.”
Rick Segal, chief executive officer at HSR B2B, an Internet marketing consulting firm in Springdale, said e-mail was in a state of paralysis, because so many of his clients had shut down their systems.
Thousands of companies were affected, including AT&T, Microsoft, Time Warner, Southern California Edison, Merrill Lynch and Ford Motor Co. Many companies had to shut down their e-mail systems and government offices were also hit, including the British House of Commons, the Pentagon, CIA and the National Aeronautics and Space Administration.
Locally, Cintas and GE Aircraft Engines shut down their e-mail systems temporarily, but little damage was reported. At Fifth Third Bancorp, “we saw it a little before 9 a.m.,” said Jeff Adkins, vice president of technical services. A fix was installed by 9:30 a.m.
The computer security firm ICSA.net estimated that half of all U.S. companies were affected by the VBS/LoveLetterA virus, 15 percent seriously so, and that damage from could amount to as much as $1 billion.
“If this is unleashed on your home computer, I hope you have backups. It is a destructive file. Once it has run, it has done its damage,” said Shawn Hernan, vulnerability team manager at the CERT Coordination Center, the government-chartered computer security team at Carnegie Mellon University in Pittsburgh.
The FBI quickly opened a criminal investigation, and agents were trying to verify reports that the outbreak may have begun in Asia, possibly the Philippines.
The virus disabled e-mail systems on Capitol Hill and State Department officials found the virus in many of their servers early Thursday and “shut off our connection with the outside world,” spokesman Richard Boucher said.
Anti-virus programs were unprepared for the outbreak, and computer experts said there's little computer users could have done to prevent it. “This came out so fast, all the major anti-virus software providers weren't ready for it yet,” Mr. Fisher said.
Anti-virus Web sites were overrun by users trying to get information, making it even more difficult to find answers.
“It's really hard to find reliable information about how to fix the computer right now,” said Matt Troy, a microcomputer support specialist at Miami University in Oxford.
Steve Pollak, founder of the PC On Call computer repair service in Cincinnati, said he was getting ready Thursday afternoon to deliberately infect a computer with the virus, to witness the damage and figure out how to repair it. “This thing just went nuts, and we're still learning about it,” he said.
The virus is contained in e-mails with the subject line “ILOVEYOU.” The body of the message reads “kindly check the attached LOVELETTER coming from me,” and contains an attachment named LOVE-LETTER-FOR-YOU.TXT.vbs.
It affects computers running Windows 98 and later versions of Windows 95. It does not affect Macintosh computers.
Users of the Microsoft Outlook e-mail program are most vulnerable: Once opened, the Love Letter infection locates the address book and e-mails itself to everyone on the list.
Opening the attachments to the ILOVEYOU e-mail sets off a rash of destructive actions: It overwrites JPG picture files, MP3 music files, VBS Visual Basic scripts and a host of other documents. It also makes changes to the Windows Registry — a kind of table of contents for Windows-based computers — which launches the virus every time the computer is restarted.
And, when users launch Internet Explorer, they're taken to a Web site where the file WIN-BUGSFIX.exe is downloaded. The program steals passwords.
GE Aircraft Engines spokeswoman Jamie Jewell said computer administrators there called the Love Letter one of the most sophisticated attacks they'd seen.
“They've been working all day with Symantec (makers of Norton Anti-Virus software) to find a fix, and they expect to be rolling that out very shortly,” she said.
At HSR B2B, word was put out early not to open the ILOVEYOU e-mails. One person didn't get the message, opened the mail and sent eight or 10 ILOVEYOUs to everyone in the company, Mr. Segal said.
Mr. Fisher of Sibcy Cline went so far as to say the virus might not have been a problem had Microsoft Corp. been split up, as is proposed by the Justice Department. Malicious programmers exploit the many links between Microsoft's applications and its Windows operating system, a big reason why Outlook is such a target for hackers.
To avoid problems like this, users need to have their guard up, looking for suspicious e-mails, he said. The ILOVEYOU subject line was a red flag.
“You don't get love letters from people you work with,” Mr. Fisher said.
Latest updates from Associated Press
Big events could crowd city streets
What's happening this weekend
RADEL: Join party for city, landmark
Elephants' world opens wide
'Love bug' disrupts Tristate computers
A monument to steamboats
Doctor group cuts offices and jobs
'Son of Beast' likely to reopen Saturday
Stadium manager bidding approved
Clinton pushes school proposals
Flynts break ground on Mornoe store
Inquiry widening in Butler Co. probe
Luxury suites at unbuilt Reds park set sales record
Maifest plan aims to curb rowdy crowds
MRDD member could be ousted
Teachers fight back at layoffs
CSO gives Mahler radiant moments
GET TO IT
KIESEWETTER: Cable access salutes best work
Parents can make excellent neighbors
Queen City's moments to shine reflected in book
Students 'Pigture Success'
Baseball 1860-style coming to Delhi Twp.
Dental board faces questions
Faith, football and family values
Four would-be mayors differ on city priorities
Kent State bell tolls
Kentucky, horses linked since Daniel Boone's day
Property sale allows ministry to start museum
Protest planned on anthrax vaccine
Public housing tenants agree to move
Report: Traffic stop was valid
Ross High plans to expand
Senior arrested in possible threat
Teacher denies theft
Three students in trouble for threats to schools
Underground limestone mine moving closer for Boone County
