You could blame the Love Bug infestation on the romance of springtime, simple human curiosity – or on the vulnerability of the Internet and ubiquity of programs such as Microsoft Outlook. Like the Melissa virus, which rang up an estimated $80 million in damages one year ago, the Love Bug targeted Outlook users and used the Net to propagate itself. But unlike Melissa, which took a few days to wreak havoc and headlines, the Love Bug spread in a few hours, unleashing a flood of malicious code when users clicked on the file attachment included in the e-mail. Among its victims: the English House of Commons and the U.S. Defense Department, which had to shut down parts of their networks to fully stamp out the infection. “It’s much more sophisticated than Melissa in that it uses a number of ways to propagate itself,” says Kathy Fithen, a manager of the Computer Emergency Response Team (CERT).
That’s because Melissa merely sent itself to the first 50 users in a victim’s address book – creating a tsunami of Internet traffic in the process. But the Love Bug carries a more ambitious blueprint. When activated, it sends itself to all of a victim’s contacts and also attempts to infect other users through an Internet chat community, called IRC. Meanwhile, the attachment runs a program that searches out and destroys digital photographs and music files on the victim’s hard drive. Finally, just in case you don’t already want to turn your computer into a doorstop, the bug can also direct the user’s Web browser to a site in the Philippines. The site was set to upload a program that would steal passwords from your computer. But early in the Love Bug’s reign of techno-terror, technicians at the Manila-based ISP, Sky Internet, which hosted the Web site, found and removed the password-sniffing program.
Still, that didn’t stop the Love Bug from continuing to cause trouble. After Asia, it moved to Europe, where Sal Viveros, director of the virus-defense group at Network Associates, says the damage was “as bad as we’ve ever seen.” Viveros estimates that 80 percent of businesses were hit in Sweden, 70 percent in Germany. Zurich’s Kloten airport was plagued by flight delays due to the bug; in Regensburg, Bavaria, and Hamburg, Germany, it cost local papers their entire photo archives. But most of the damage was limited to lost time and the inability to send e-mails for the day.
Despite the early warnings from Europe, oblivious Americans logged on and clicked, enticed by the amorous subject heading. In Washington, the Defense Department reported “fairly widespread” damage to non-classified e-mail systems – and to four classified ones, including, according to sources, computers at the supersecret National Security Agency, which is responsible for eavesdropping on other countries. Officials say the virus was quickly contained and the actual damage was minimal.
The Feds were in good company. Computers at the campaign headquarters of George W. Bush were shut down after becoming infected on Thursday. ABC and NBC were both overrun. In Silicon Valley, Calif., most companies had to take their e-mail servers offline to clean up the mess. Workers found themselves struggling to get by without a technology they didn’t have just 10 years ago. For example, at the Mountain View, Calif.-based Silicon Graphics, the IT department sent out a companywide voice mail early in the morning, alarming employees to the threat. Still, enough clicked on the bug that the e-mail system was down for the rest of the day. Not having e-mail “was paralyzing, absolutely crippling,’ says Christine Freese, a PR rep.
So, exactly who was behind the greatest love-in since the days of John and Yoko? By the end of last week the FBI was trying to figure that out, working with police in the Philippines, where the virus is believed to have been spread from an account at a Manila Internet service provider. They began with a few key clues. Hidden in the virus code was a few lines of text, which included the hacker’s alias, “Spyder,” and references to a college based in the Philippines. (It also contained the awkwardly worded phrase “I hate go to school.”) A senior law-enforcement official told NEWSWEEK that authorities had the suspect in their sights within 24 hours of the first virus reports: a young man in his early 20s living outside Manila. By Saturday night, investigators were waiting for a Philippine judge’s approval to search the suspect’s computer.
But many security experts around the world say that Spyder should get only part of the blame. They point another finger in a more familiar direction – Microsoft. The Redmond, Wash., software giant makes Outlook, which commands about 85 percent of the corporate e-mail market and is thus a prime target for virus writers seeking to inflict the maximum amount of damage. Richard Smith, the security expert who tracked down the New Jersey programmer responsible for Melissa, charges that Microsoft is irresponsibly adding “scripting” features into new versions of Office and Windows. These tools make it easier for tech-savvy users to automate routine tasks, but they can also be exploited by virus writers who want to craft small, malicious programs and spread them via e-mail. Including Web-scripting tools in its products “seems to me an extremely questionable decision by Microsoft,” Smith says.
Microsoft execs counter that the Love Bug is “a human issue” – e-mailers need to think twice before they click on attachments without scanning them with the latest antivirus software. And they refuse to consider eliminating features. “If we start to take functionality out of products every time there’s a virus, our products aren’t going to be very useful down the road,” says Scott Culp of Microsoft’s Security Response Team. He also lays out Microsoft’s plans to beef up the security of its Office products. The next release of Outlook will require users to save attachments to their hard drive before they open them, so they can then be scanned before they’re launched. That will add a layer of repellent to ward off viruses like the Love Bug.
To many in the security community, added precautions can’t come soon enough. By the end of last week the Love Bug had a dozen imitators crisscrossing the Net and seducing users anew. Since it’s so easy to read the virus source code, experts say hackers around the globe are simply copying the program, adding their own unique twists and sending it back out into the wild. One newer version masquerades as a joke; another as a confirmation of a $300 Mother’s Day “diamond special.” Perhaps the most insidious is called Virus Alert, and claims to offer a software fix to the Love Bug itself. Click on it, and you get not remediation but renewed devastation – it deletes crucial system files, so that your computer can’t be turned on.
Experts say we better get used to these kinds of annoyances. As long as we remain hooked on the Net, they’ll likely become irritating facts of life, like head colds and clogged freeways. At least some folks found a way to laugh about that last week. David Letterman did a “Top 10 signs you have a lame virus” (No. 1 reason: “It’s programmed to go off sometime in the year 1963”). Sarcastic Love Bug spoofs circulated in various virus-scarred corporate networks. At RLM Public Relations in New York, several employees who had their e-mail programs set to automatically open attachments detonated the Love Bug, crashing the system. But by the end of the week one employee had e-mailed the entire company. The subject line: “I like you, but I’m just afraid to commit.”
