News > Technology
U.S. catches 'Love' virus
May 5, 2000: 11:33 p.m. ET

Quickly spreading virus disables multimedia files, spawns copycats
By Staff Writers David Kleinbard and Richard Richtmyer
graphic graphic
NEW YORK (CNNfn) - The newly discovered "I Love You" virus that swept through banks, securities firms, and Web companies in the United States Thursday and later spawned copycat viruses has proved in large part to be more of an annoyance than a costly disruption of business.

The virus did cause damage, however, at companies that make heavy use of multimedia files, such as magazines and advertising agencies, because it overwrites picture files with "jpg" extensions and MP3 music files.

graphic The "Love Bug" bit the computer world hard on Thursday in the latest sign of how vulnerable the global infrastructure is to easy-to-launch and hard-to-detect hacker attacks.
Real 28K 80K
Windows Media 28K 80K
In addition, the virus could result in some security breaches weeks or months from now because it can steal network passwords from a computer and send them to a remote location, security experts said. (MCAF: Research, Estimates), makers of the best-selling VirusScan security software, said that 60 to 80 percent of its Fortune 100 clients were infected by the virus. McAfee released a software patch that can identify the virus Thursday afternoon.

As corporate employees headed home Thursday, network administrators scrambling to contain the virus were also battling copycat attacks, including one dubbed "very funny." The new variants can elude anti-virus software designed to block the I Love You bug and could potentially cause the same damage. Dozens more copycat attacks are expected, security experts said.

The I Love You virus spreads quickly among users of Microsoft Outlook and corporate networks that use the Microsoft Exchange e-mail server because it sends a copy of itself to every e-mail address in a recipient's Outlook address book. By contrast, the "Melissa" virus, which spread around the globe in March 1999, sent itself only to the first 50 people on a victim's address book.

Click here to read's full coverage of the I Love You computer virus story

"Its transmission technique is somewhat similar to Melissa," said Chris Rouland, director of the X-Force security research team at Internet Security Systems (ISSX: Research, Estimates) in Atlanta. "Once launched, it downloads an executable backdoor program from one of four Web sites. That program, Win-Bugsfix, steals passwords stored on that computer and sends them to an e-mail address in the Philippines."

graphicIf a person whose computer has been infected with I Love You uses the popular Internet chat program mIRC, the virus will attempt to transmit itself to every user who enters the chat room, Rouland said.

Rob Clyde, vice president of security management at Axent Technologies (AXNT: Research, Estimates) in Rockville, Md., said that the virus tries to connect to one of four Web sites, but that those sites were down today.

"In theory, it could allow the people who own those sites to get access to your computer, but there is no indication that the virus has ever been successful at connecting to those sites," Clyde said.

"A lot of companies shut off their e-mail systems to contain the virus, which caused disruption," Clyde said.

Business as usual at investment banks

All the major commercial and investment banks contacted by Thursday reported having individual computers infected with I Love You. However, none said that trading activities were disrupted because of it.

graphic"The virus was not debilitating at all - it was more of a nuisance or annoyance than anything," said Russell Sherman, a spokesman for Bear Stearns in New York. "We isolated the servers that were affected."

"It had no impact on applications or client business," said PaineWebber spokesman Paul Marrone. "We learned of the virus early this morning, notified all employees, and are in the process of cleaning it up."

ISP's say customer accounts still working

Internet service providers also reported that I Love You had a minimal impact on their business and their customers. They also pointed out that corporate e-mail systems appear to be more vulnerable to the virus than most home e-mail users because of the widespread use of Microsoft's Outlook and Exchange products.

"We're still doing a fair amount of scrambling to find out exactly what the impact is, but so far it has not affected the mail delivery to our members," said Steve Dougherty, director of technology acquisition at Earthlink (ELNK: Research, Estimates), the second-largest U.S. Internet service provider.

"Earthlink service has been available full time," Dougherty added. "And the volume of traffic on our mail servers is not appreciably different than normal."

Competing Internet service provider Concentric Network also reported that the company and its customers were not seriously hurt by I Love You.

The number of e-mail messages containing the virus on Concentric's customer e-mail servers was minimal, according to David Schairer, the company's chief systems architect.

"Out of about 5,000 messages that I scanned, I saw 17 virus traces. That's much lower than I would have expected," Schairer said.

However, the virus caused some internal problems at Concentric's corporate offices. "We saw a little bit of it, and our security people went right to work on it," Schairer said. "When you have 1,000 or more people, there will always be some who have their mail clients configured to allow these things through."

Even so, Schairer warned that since the virus was developed using a programming language that is easy to understand, further attacks are likely.

graphic"This is going to get worse before it gets better," he said. "The code is very easy to read, and there will be copycats. Every teenager who understands a bit of Visual Basic can download this thing now, do their own thing with it, then distribute it again."

Customers at America Online, the largest U.S. Internet service provider, have been relatively unaffected, although the company is taking steps to alert them of the virus, said spokesman Rich D'Amato. AOL has its own proprietary e-mail program, which has been unaffected by the virus, D'Amato said. AOL has a pending merger agreement with Time Warner, the owner of CNNfn. spokesman Bill Curry said that he was unaware of any problems created by the virus at the online retailing giant. Likewise, a spokesman for the online auction site eBay said the site is "operating at full strength."

Security of Microsoft Outlook questioned

Technology experts blamed the rapid proliferation of the virus on Microsoft putting usability ahead of security in the design of its products.

"Microsoft could have done things to make its products more secure, but Microsoft is in the business of making everybody's life easier," said Steve Fallin, director of the rapid response team for Seattle-based Internet security firm WatchGuard Technologies.

"Microsoft has been kind of lax with their security posture," said Michael Zboray, chief technology officer for Stamford, Conn.-based consultant Gartner Group.

While admitting that Outlook was targeted for its reach, Microsoft security manager Scott Culp said the effectiveness of the I Love You virus was not due to a design flaw in Outlook and that the program has built-in features to increase security. Back to top

- Reuters contributed to this report.


Note: Pages will open in a new browser window
External sites are not endorsed by CNNmoney