The business world today was hit hard by a potent virus that has been dubbed "Love Letter" or "the Love Bug." The malicious software code is a VBScript worm that spreads through email transmissions, taking the form of a chain letter. The dangerous emails are titled "I Love You," and have associated attachments dubbed "LOVELETTER."
Reports now indicate that the Love Bug message is re-appearing under new guises such as "Very Funny" and "New Joke."
Indications are that hundreds of thousands of computers may have been hit by the worm, which spreads via Microsoft's Outlook email system. Sites throughout Europe and Asia were hit early on Thurday, and reports of problems in the US continued through the day.
The full gamut of systems of was hit. Targets ranged from systems used by home-based workers to the US Congress in Washington D.C. and the House of Commons in London, UK. Makers of anti-virus software have quickly moved to combat a combination of code that acts both as a virus that alters users' files and as a worm that attacks other networked machines. Music and photo files are among those that the bug targets.
In Washington, the FBI's National Infrastructure Protection Center for Information System said that variants of the worm are believed to use subject lines of "joke" and "Susitikim shi vakara kavos puodukui…" These variants may behave differently than the original worm and impact different files. The FBI has opened an investigation to determine the origin of the virus.
The Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University in Pittsburgh said that it had received over 150 reports of the virus as of 10 a.m. EST Thursday. CERT managers said that figure was unusually high for an email virus.
When the bug attacks, it first copies itself to the Windows System directory, according to Web security firm F-Secure (formerly Data Fellows) of Espoo, Finland. It then adds itself to the Windows registry to enable it to be executed when the system is restarted.
Unlike the Melissa email virus of 1999, the Love Bug is is a very destructive virus with two very damaging types of payloads. The first one is a password-stealing Trojan horse application that emails passwords to an address in the Philippines. The second payload replaces and renames all .wsh, .sct, .hta, .jpg, .vbs, mp3 and mp2 files.
Dan Takata, manager of F-Secure's training division in San Jose, Calif., said that the company first discovered the virus on Thursday at 1 a.m. PDT.
Like others, he indicated that Asia may be the virus' source. Since its first siting, the bug has spread quickly through Asia, Europe, and the US. Takata noted that the software can retrieve and transmit users' passwords to a computer address in the Philippines, but that does not necessarily mean the bug was spawned in the Philippines. Reports indicated that sites to which the worm sends passwords have been shut down.
For some, the Love Bug has wreaked real havoc. "One company I talked to specializes in stock photography, and they lost a whole database ... and they didn't have a backup," Takata said. "I have talked to several Fortune 500 companies that have been affected and lost information."
As long as users don't open the virus, they are safe, he said. A good step for network administrators, Takata indicated, may be to switch off .vbs and .wsh file support within Windows Explorer so that users cannot inadvertently open the virus.
The Love Bug has spread much more quickly than the Melissa virus, Takata said. Melissa seemed to appear on a Friday afternoon as businesses were closing. That gave savvy network administrators more time to limit damage. The Love Bug was sent out on a Thursday morning as people were beginning the workday.
"This is the fastest spreading virus we have ever seen," Takata said.
Includes material from IDG News Service.