NewLove proves less costly
May 19, 2000: 7:58 p.m. ET

NewLove is easier on corporate wallets than earlier Love Letter
By Staff Writer Michele Masterson
NEW YORK (CNNfn) - While a new computer virus, NewLove, created a busy day for security experts Friday, preliminary reports indicate it hasn't harmed as many businesses as its earlier cousin, the "Love Bug" or "Love Letter."

The infamous Love Letter virus is believed to have cost corporations, governments, and individuals as much as $7 billion in downtime or lost productivity, as well as damage by corrupting files. But so far, NewLove is not snaking through PC users' e-mail as quickly. While the new virus is transmitted in the same manner as Love Letter and the two are written in the same language, NewLove uses different computer code.

Tom Powledge, product manager for Symantec Corp.'s Norton Internet Security software, said he has heard reports of the NewLove virus from "a handful of corporations in the U.S. and Europe." He hasn't received reports of it from any consumers.

The CERT Coordination Center, a government-chartered computer emergency team at Carnegie Mellon University in Pittsburgh, had no reports of NewLove attacks as of Friday afternoon, according to a recorded announcement.

Keith Peer, chief executive officer of Central Command Inc., a privately held anti-virus company in Medina, Ohio, said that as of early Friday just two of the 68 Fortune 500 companies the company covers reported being hit by the new virus.

Still, the FBI said Friday it has begun an investigation into the new virus and posted an alert on its computer investigation Web site, the National Infrastructure Protection Center.

While NewLove appears to be much less widespread than Love Letter, the new virus does more damage to a user's computer if it's launched. Love Letter destroyed only picture and multimedia files, such as those with the extension JPG. NewLove, by contrast, targets every file on a user's hard drive.

The sheer destructive power of the new virus is one reason it hasn't spread as quickly as Love Letter. In many cases, it essentially destroys its host before it can move on to the next victim, like a human virus that kills people so fast they don't have the opportunity to infect others.

"The virus has the potential to snuff itself out because it can destroy an entire hard drive before it replicates," said Symantec's Powledge.

Love Letter made users wary


Another reason NewLove hasn't spread as fast as Love Letter is that corporations had their guard up following the earlier virus.

"There was fast action by the anti-virus vendors, which were able to send out alerts to customers, and there is a heightened awareness of security issues among corporations," Powledge said. 

"It seems as though people are way ahead of the curve on this one, so there may have been a silver lining to Love Bug," said Steve Casey, director of corporate communications at RSA Security, a Bedford, Mass.-based encryption and security software firm. So far, RSA has not received reports of any of its clients being affected by the worm.

"Are people more prepared now, or has their paranoia heightened to the point where they'll shut down the company e-mail system when it seems like there is a problem to prevent its propagation?" Casey asked.

In some ways, NewLove is a more clever and diabolical virus than its predecessor. When Love Letter spread through e-mail, it used the same subject line every time. By contrast, NewLove is polymorphic. Each time it replicates, it uses the name from a recently accessed file on a user's machine along with "FW:".

"This virus writer has tried to be more clever and more malicious with the destructive nature of payload and the fact that it's polymorphic," said Symantec's Powledge.

"People need to be much more vigilant in looking at e-mails," said Michael Vatis of the National Infrastructure Protection Center on CNNfn. "Just as with the original Love Letter virus, the e-mail will appear to come from someone you know."

If Microsoft Outlook is not installed on a computer, the virus will not be able to replicate, but it will start to delete files from a user's hard drive immediately, Central Command's Peer said.

Cure worse than fix?


Microsoft does have a patch for the original Love Letter virus that also will work on the new virus, said Chris LeTocq, research director at the Gartner Group.

"Unfortunately, the fix changes Outlook so drastically for many organizations that have applications integrated with it, such as Siebel, PeopleSoft, or SAP, that those applications just aren't going to function the way they're supposed to," LeTocq said.

"In the analysis that we have of the bug on the Gartner site, we say that organizations should carefully evaluate the impact of putting in this Outlook fix because the cure may just be worse than the disease," he said. Until Microsoft comes out with the final version of its Outlook fix, computer users can fight scripting viruses by disabling the scripting host within Windows.

The stocks of computer security firms and anti-virus makers didn't benefit from the new virus scare. McAfee (MCAF) closed unchanged at 27, Internet Security Systems (ISSX) was off 2-1/8 at 79-1/2, Symantec (SYMC) slipped 5/8 to 62-5/16, and RSA Security dropped 2-1/4 to 55-1/4.
