BY TRACEY S. ROTH
Managing Editor, C@LL CENTER CRM Solutions^™

I Love You To Death

Did someone tell you "I love you" last week? Did you share the love with others? I arrived at work on the morning of Thursday, May 4th and was surprised to find one of our art directors declaring his love for me in an e-mail. I was perplexed when one of our TMC Labs engineers confessed that he was sweet on me, too. But I ceased feeling like the most popular girl in the office when our production manager also admitted she had a secret crush on me -- instinct told me to immediately delete the heartfelt e-mails. Some of my co-workers, like co-workers in so many offices worldwide, were not so lucky. The I LOVE YOU virus, first reported in Hong Kong, struck hard and fast and moved across the world's time zones likewell, like a virus.

If the bug was an irritant to me and a headache to IT staffs worldwide, I felt somewhat mollified to find out that the Pentagon, Britain's House of Commons' e-mail systems, many vital systems of the Government of Denmark, and even the e-mail infrastructure at Hillary Clinton's Senate campaign headquarters were strongly affected by the virus. These were people that had far larger problems than I did.

The Worm Attacks
In most cases, the virus -- also called a "worm" in the tech world -- wriggled its way into companies via Microsoft Outlook. It then replicated and attacked the address book function of Outlook users -- in some cases, sending copies of itself to all the e-mail addresses it found. The worm was released when users clicked on the attachment in the I LOVE YOU e-mail and launched the Visual Basic script. In some instances, the virus was deleting files off users' hard drives, particularly those in MP3 and JPG formats, and was also affecting Internet browser configurations. Some Internet users found their start pages redirected to a Web site registered in the Philippines.

Though the virus hit hard worldwide, perhaps even doing significantly more monetary damage than last year's "Melissa" virus, many U.S. companies knew of the virus early enough to minimize damage from what disaster it could have wrought.

Most companies responded quickly by installing virus protection updates that were either patched together by savvy IT managers or came from third-party sources. Companies such as Symantec Corp. and McAfee immediately posted "fixes" on their Web sites. Many companies disallowed the sending and receipt of outside e-mail during the hours of attack, and other companies blocked any e-mail that had attachments, particularly attachments with Visual Basic extensions.

It seems amazing and terrifying to most of us that one individual could, in a few hours, cause chaos and enormous monetary damage to millions of computer users worldwide. A virus brings these concerns to a personal level. Someone created a computer worm and it ended up in MY inbox -- who is this person and how did he get in? Why did he even want to get in?

We may have a name and a face to put with the perpetrator. Last Friday, May 5, CNN.com announced that a Filipino ISP confirmed that a subscriber to their service is believed to be the author of the virus. The man, whose e-mail alias is "Spyder," has two e-mail accounts with Access Net, one of the largest ISPs in the Philippines. According to CNN, the beginning of the virus code includes the alias "Spyder" and is signed "Manila, Philippines." 

Then this morning, news broke that Philippine investigators have detained a man for questioning after searching the home of the suspected creator of the virus. Agents of the National Bureau of Investigation took the 27-year-old man into custody in an apartment in Manila. Preliminary reports indicate that the virus may have actually been written in order to gain free Internet access by sniffing out IDs and passwords for users' accounts.

Not Just A Patch: Vaccines
Several companies have stepped forward to point out that their products can help alleviate the severity of such attacks. One is Tripwire, Inc., a provider of integrity assessment software. The company is offering a software product designed to act as a sort of "digital safety net." The module detects changes, viruses, backdoors, and intrusions, even if they are unknown to other security software programs. The software aims to detect any file modification, addition or deletion to a file system, regardless of source: virus, intruder, or vindictive employee.

Mother's Day Is Almost Here
On the heels of the I LOVE YOU virus were warnings that another worm was on its way. The Mother's Day worm arrived as a confirmation of an electronic gift order. The words "Mother's Day Diamond Special" appeared in the subject line of the e-mail. The attachment, named mothersday.vbs, was disguised to look like an electronic confirmation or invoice. Users opening this invoice will launch the Visual Basic script, enabling the worm's progress in an identical manner to the I LOVE YOU virus. Don't open it, even if you think it's from your mother. She'll understand.

Another threat is a copycat virus which has in its subject field "Fwd: Joke," and includes an attachment called "Very Funny.vbs." This variant is very similar to the I LOVE YOU version, though it has apparently been changed just enough to be able to get around many anti-virus programs.

The scariest part about viruses such as these is that in retrospect, the people who create them will tell you how easy it is. In the wake of last week's attack, it seems apparent that the best and first defense is knowledge. When you know what to look for, you can both avoid damage and warn others in advance. It's ironic that though e-mail viruses spread quickly and can do a great deal of damage, e-mail can also be the savior of the day. Many of us had warnings about the virus in our inbox even before I LOVE YOU arrived, helping us avoid infection. The only other way to prevent being affect by a virus is to be a keen observer, and recognize the signs that all is not as it seems.

Why am I telling you this? Because I do love youno, really.

The author will accept e-mails without attachments at troth@tmcnet.com.