Windows-based, Internet-connected computers worldwide are still reeling in the aftermath of the ILOVEYOU virus, which began wreaking havoc in Europe and Asia yesterday, causing some observers to declare it a meaner infection than the ‘Melissa’ Virus.
Like Melissa - found October 26, 1999 - ILOVEYOU has spread across the globe within hours of its discovery. Also like Melissa, the virus is carried by email. Though Macs are unaffected, as they lack the Visual Basic components the worm needs to replicate itself, Macs running Windows emulation can be infected. ILOVEYOU may also crash servers Macs may be connected to.
The virus, an Internet worm that claims to be a love-letter, hit hundreds of thousands of computers yesterday. It spreads by both Microsoft’s Outlook email system and also the mIRC chat client, and was first detected yesterday morning, according to European anti-virus specialists GFI and the Finland-based F-Secure group.
When the attachment is opened, the virus installs itself deep in both the Windows OS and the Outlook application. The ILOVEYOU worm also sends copies of the original message to every name in every Outlook address book on the drive.
The serious trouble begins after the PC is restarted - the worm searches for various file types on all folders on all local and remote drives, overwriting some with its own code, deleting certain file types, or creating new files with the same name as the original, deleting the original, and using the ".vbs" extension - for example, "ANIMAGE.JPG" becomes "ANIMAGE.JPG.VBS".
CERT, the Internet security co-ordination centre, recommends that recipients delete both message and attached file immediately. F-Secure said the worm seems to originate in the Philippines. The virus made its way to the US yesterday afternoon, where reports claim that government agencies, including the Pentagon, shut down a number of mail servers to avoid the virus - similar precautions were taken by some UK-based networks.
A statement on the CERT Web site says: "If your site has been affected by VBS/LoveLetter, we would appreciate knowing the scope of the infection at your site." The Web-security experts request sufferers submit an Incident Reporting Form, so they can assess the situation. More information regarding the virus is available on F-Secure’s Web site.
Network Associates has produced a fix for the bug which can be downloaded at Dr Solomon’s Web site.
High-profile victims of the virus include the Hong Kong Stock Exchange, the British Parliament, the Central Intelligence Agency and a huge number of corporate networks.