[gardeners] Fwd: "I Love You" email virus sacks computers

Seana Ames (gardeners@globalgarden.com)
Thu, 04 May 2000 15:10:33 MDT

----Original Message Follows----
From: 2543@bewellnet.com
To: amesfam@hotmail.com
Subject: "I Love You" email virus sacks computers
Date: Thu, 4 May 2000 13:39:41 -0700 (PDT)
Received: from [] by hotmail.com (3.2) with ESMTP id 
MHotMailBADB2B0D0062D8219798D8C8F782EC3E0; Thu May 04 13:39:41 2000
Received: (from nobody@localhost)by abv-sjc2-nw3.cnet.com (8.8.8/8.8.8) id 
NAA06303;Thu, 4 May 2000 13:39:41 -0700 (PDT)
Message-Id: <200005042039.NAA06303@abv-sjc2-nw3.cnet.com>

This NEWS.COM (http://www.news.com/) story has been sent to you from 

Message from sender:
Here is the latest on that virus

"I Love You" email virus sacks computers

May 4, 2000, 1:20 p.m. PT

                                 A computer virus that experts warn could be 
more disruptive than the notorious Melissa virus has hit computers in Asia 
and Europe and is quickly spreading across the United States via email.

     The virus, which includes the message "I Love You" or "Love Letter" in 
the   email subject line, was first spotted in Asia early this morning, 
according   to security systems firm F-Secure.

     According to security analyst Elias      Levy of Security Focus, the 
virus  contained a possible clue to the source of the infection that points 
to the  Phillipines.

   According to Levy, the worm contains the following comment: "rem barok  
-loveletter(vbe) <i hate go to school>  rem by: spyder / ispyder@mail.com / 
@GRAMMERSoft Group / Manila,Philippines".

   Attempts to contact ispyder by CNET News.com were unsuccessful.

   Antivirus experts were amazed by the power of the virus. "I've been doing 
antivirus research for the past nine years, and it hasn't been this  bad," 
said Mikko Hypponen, a research manager at F-Secure, who also noted that the 
first report received of the virus came in at around 9:00 a.m. GMT (2 a.m. 
PT) on Thursday from Norway. "It's spreading so fast, so globally, and twice 
as widespread as the Melissa virus."

   By 1 p.m. GMT (6 a.m. PT), F-Secure had reports from more than 20 
countries, he said.

   The virus arrives in an email that includes an attachment called   
"Love-Letter-For-You," according to F-Secure. The virus targets people who 
use Microsoft’s Outlook email program--a widely used default email client at 
companies--to send messages with the virus to everyone listed in that 
person's address book.

   The email virus has infected computer systems across Asia, Europe and the 
   United States and is spreading fast, according to representatives from 
many companies.

   Hypponen, who called the Love virus "destructive," said the most damage 
could be to media houses--including radio stations, magazines and 
advertising agencies--that have lost photo archives and music files, as the 
virus directly attacks those types of files.

   "A large publishing house that got hit with the virus this morning lost 
their complete photo archives," Hypponen said. "The problem is it 
automatically deletes your (image and music) files. (Antivirus upgrades) can 
remove the virus but can't undo the damage. If you don't have back-ups to 
your files, you lose."

     A number of security sites have posted instructions for removing the 
virus, but many were not easily accessible, presumably due to heavy traffic. 
Those sites include:

     -- http://download.mcafee.com/

   -- http://www.datafellows.com/download-purchase/updates.html

   -- http://www.antivirus.com/download/pattern.asp

   -- http://www.sophos.com/downloads/ide/index.html#loveleta

   -- http://www.thepope.org/index.pl?node_id=140

     One mid-sized Web site reported that the worm wreaked havoc on its 
computers today, but that the public site was spared the Windows-specific 
worm because the site is served off a Linux computer.

     "It was taking any MP3     files and it was making duplicates of itself 
with a VBScript extension, and any '.jpg' files on our server were being 
transformed to VBScript," said the site's administrator, who did not want 
the site identified. "We've got an employee who got nailed heavily, and 
every '.jpg' graphic has been converted to a '.vbs' file."

     One site heavily dependent on the integrity of its MP3 
files--MP3.com--has apparently weathered the "Love" bug unscathed. A 
representative said the company's information systems administrators sent 
out a warning to employees about the worm early in the day, and no damage 
had yet been reported.

     Sources said that several government organizations in the Washington, 
D.C.,   area, including the Pentagon, the Federal Reserve, the Coast Guard 
and the Defense Department, have been hit by the email virus.

   "We certainly have seen scattered instances of it throughout the Defense  
Department, but I don't have any overall assessment at this time," said 
department  spokeswoman Susan Hansen. "Our joint task force on computer 
network defense  has this under consideration. I can confirm that, like many 
other  organizations, we too...have seen this virus."

     Two people in Washington this morning explained how quickly the virus 

     The first, a lobbyist on Capitol Hill, said she opened an "I Love You" 
email and realized immediately it contained a virus. "I tried to close 
Outlook right away, but it wouldn't shut down," said the lobbyist, who asked 
not to be identified. In the 10 or so seconds she waited before turning off 
the computer, she estimates the virus emailed copies to half her address 
book, or about 100 people working in different federal agencies.

   A public relations manager manager for a large computer maker doing 
business with the Department of Defense said that by mid-morning he had 
received more than 50 virus-infected email messages, mainly from Washington 
but from all over the country.

     An FBI representative added, "The FBI is currently assessing any impact 
this has had both nationally and internationally." The representative would 
not say whether the agency had been infected by the virus, however.

   The National Infrastructure Protection Center, which has helped 
coordinate the investigation into denial-of-service attacks, today issued a 
warning about the virus.

       Once opened, the email virus overwrites existing local script and 
HTML   files, as well as picture and music files, with its own code, 
F-Secure said.   Files with extensions ".jpg," ".jpeg," ".mp3" and ".mp2" 
are overwritten, the   company said.

     Last year, the Melissa virus clogged corporate email servers   across 
the country, causing more than $80 million in damage. A New Jersey   
resident, David Smith, was arrested and charged with disseminating the   
original Melissa virus.

     News.com's Paul Festa contributed to this report.


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com