[May
8,
2000]
I Love You To Death
Did someone tell you "I love you" last week? Did you share
the love with others? I arrived at work on the morning of Thursday, May
4th and was surprised to find one of our art directors declaring his love
for me in an e-mail. I was perplexed when one of our TMC Labs engineers
confessed that he was sweet on me, too. But I ceased feeling like the most
popular girl in the office when our production manager also admitted she
had a secret crush on me -- instinct told me to immediately delete the
heartfelt e-mails. Some of my co-workers, like co-workers in so many
offices worldwide, were not so lucky. The I LOVE YOU virus, first reported
in Hong Kong, struck hard and fast and moved across the world's time zones
likewell, like a virus.
If the bug was an irritant to me and a headache to IT staffs worldwide,
I felt somewhat mollified to find out that the Pentagon, Britain's House
of Commons' e-mail systems, many vital systems of the Government of
Denmark, and even the e-mail infrastructure at Hillary Clinton's Senate
campaign headquarters were strongly affected by the virus. These were
people that had far larger problems than I did.
The Worm Attacks
In most cases, the virus -- also called a "worm" in the tech
world -- wriggled its way into companies via Microsoft Outlook. It then
replicated and attacked the address book function of Outlook users -- in
some cases, sending copies of itself to all the e-mail addresses it found.
The worm was released when users clicked on the attachment in the I LOVE
YOU e-mail and launched the Visual Basic script. In some instances, the
virus was deleting files off users' hard drives, particularly those in MP3
and JPG formats, and was also affecting Internet browser configurations.
Some Internet users found their start pages redirected to a Web site
registered in the Philippines.
Though the virus hit hard worldwide, perhaps even doing significantly
more monetary damage than last year's "Melissa" virus, many U.S.
companies knew of the virus early enough to minimize damage from what
disaster it could have wrought.
Most companies responded quickly by installing virus protection updates
that were either patched together by savvy IT managers or came from
third-party sources. Companies such as Symantec
Corp. and McAfee immediately
posted "fixes" on their Web sites. Many companies disallowed the
sending and receipt of outside e-mail during the hours of attack, and
other companies blocked any e-mail that had attachments, particularly
attachments with Visual Basic extensions.
It seems amazing and terrifying to most of us that one individual
could, in a few hours, cause chaos and enormous monetary damage to
millions of computer users worldwide. A virus brings these concerns to a
personal level. Someone created a computer worm and it ended up in MY
inbox -- who is this person and how did he get in? Why did he even want to get in?
We may have a name and a face to put with the perpetrator. Last Friday,
May 5, CNN.com announced that a Filipino ISP confirmed that a subscriber
to their service is believed to be the author of the virus. The man, whose
e-mail alias is "Spyder," has two e-mail accounts with Access
Net, one of the largest ISPs in the Philippines. According to CNN, the
beginning of the virus code includes the alias "Spyder" and is
signed "Manila, Philippines."
Then this morning, news broke that Philippine investigators have
detained a man for questioning after searching the home of the suspected
creator of the virus. Agents of the National Bureau of Investigation took
the 27-year-old man into custody in an apartment in Manila. Preliminary
reports indicate that the virus may have actually been written in order to
gain free Internet access by sniffing out IDs and passwords for users'
accounts.
Not Just A Patch: Vaccines
Several companies have stepped forward to point out that their products
can help alleviate the severity of such attacks. One is Tripwire,
Inc., a provider of integrity assessment software. The company is
offering a software product designed to act as a sort of "digital
safety net." The module detects changes, viruses, backdoors, and
intrusions, even if they are unknown to other security software programs.
The software aims to detect any file modification, addition or deletion to
a file system, regardless of source: virus, intruder, or vindictive
employee.
Mother's Day Is Almost Here
On the heels of the I LOVE YOU virus were warnings that another worm was
on its way. The Mother's Day worm arrived as a confirmation of an
electronic gift order. The words "Mother's Day Diamond Special"
appeared in the subject line of the e-mail. The attachment, named
mothersday.vbs, was disguised to look like an electronic confirmation or
invoice. Users opening this invoice will launch the Visual Basic script,
enabling the worm's progress in an identical manner to the I LOVE YOU
virus. Don't open it, even if you think it's from your mother. She'll
understand.
Another threat is a copycat virus which has in its subject field
"Fwd: Joke," and includes an attachment called "Very
Funny.vbs." This variant is very similar to the I LOVE YOU version,
though it has apparently been changed just enough to be able to get around
many anti-virus programs.
The scariest part about viruses such as these is that in retrospect,
the people who create them will tell you how easy it is. In the wake of
last week's attack, it seems apparent that the best and first defense is
knowledge. When you know what to look for, you can both avoid damage and
warn others in advance. It's ironic that though e-mail viruses spread
quickly and can do a great deal of damage, e-mail can also be the savior
of the day. Many of us had warnings about the virus in our inbox even
before I LOVE YOU arrived, helping us avoid infection. The only other way
to prevent being affect by a virus is to be a keen observer, and recognize
the signs that all is not as it seems.
Why am I telling you this? Because I do love youno, really.
The author will accept e-mails without attachments at troth@tmcnet.com.
|