THERE IS A VERY DEVASTATING VIRUS GOING AROUND THE NET TODAY. Do NOT open the attachment to any email with the header "ILOVEYOU" and the message "kindly check the attached LOVELETTER coming from me." The attachment is a file called "LOVE-LETTER-FOR-YOU.TXT.vbs" It is a particularly nasty virus that alters image and MP3 music files (among others), emails a copy of itself to everyone you know, and then changes your home page and asks you to download and install "WIN-BUGSFIX.EXE" ... which does not get rid of it, it is a hacker's password stealing program. If you get the ILOVEYOU message, DELETE IT. And upgrade your virus protection software immediately. If you have already opened it, you might find instructions for removing it at www.symantec.com. (Haven't been there yet, but they are usually on top of things).

-- Anonymous, May 04, 2000

Answers

The virus appears to spread through your Outlook Express address book, and can also be transmitted through the chat program mIRC.

-- Anonymous, May 04, 2000

If you have the virus already ... here are some things you can do while you are getting your antivirus software updated:

1. Hit Ctrl + Alt + Del to bring up the task manager. If you see a program called "wscript", kill it. 3. Go to your file manager and search for all "*.vbs" files on your local hard drives. Delete all of the .vbs files that are 11K in size 4. Go into internet explorer and change your homepage back to something else (Do not open the .exe file that it points to) 5. Do not open any .jpeg or .jpg image files, or any mp3 audio files; they are all corrupted (as are .js and .css files). Your mp3 files are copied by this virus elsewhere on your computer; you will have to go hunting for them, and delete the originals that are now infected. 6. Get your antivirus updated ASAP!

Good luck!

-- Anonymous, May 04, 2000

Let my try that again ...

1. Hit Ctrl + Alt + Del to bring up the task manager. If you see a program called "wscript", kill it (End Task).
2. Go to your file manager (Start/Find/Files or Folders...) and search for all "*.vbs" files on your local hard drives. Delete all of the .vbs files that are 11K in size
3. Go into Internet Explorer and change your homepage back to something else (Do not open the .exe file that it points to)
4. Do not open any .jpeg or .jpg image files, or any mp3 audio files; they are all corrupted (as are .js and .css files). Your mp3 files are copied by this virus elsewhere on your computer; you will have to go hunting for them, and delete the originals that are now infected.
5. Get your antivirus updated ASAP!

-- Anonymous, May 04, 2000

Caveat: The above is NOT a complete fix of the virus. It just stops it from spreading. If you have the virus your registry has been altered, and you need an antivirus program to repair the damage. And you should make sure to close Outlook Express as soon as possible once discovering you have the virus, and before doing the above.

-- Anonymous, May 04, 2000

Thanks, John,

My son warned me about this, this morning, and because I got no response when I warned the forum about the 'Pretty Park' vrius in March, I thought no one would be interested. This one is all over the news, because it is particularly destructive.

Symantec is swamped and probably will be for awhile. I re-ran my Norton Anti-Virus 2000 software, but haven't up-graded mine since I first installed it, so it probably doesn't protect against this new one.

You're doing people a good service by warning them. There are three which my sister said never to open and this .exe is one of them. (G-r-r! I've forgotten the other two).

-- Anonymous, May 04, 2000

Since this virus spreads like all the others of threat lately, a very good anti-viral protection one can use is any mail tool NOT by Microsoft (aka M$). The ILOVEYOU virus, like most you have heard about recently, is only a threat to those with Windows 98 or Internet Explorer 5. Netscape 6 sounds like it will be a good alternative (there is a pretty stable "preview release" available already at http://home.netscape.com/download/previewrelease.html?cp=djusea).

Better still, use Linux, never access the internet as the "root" user, and make everything you value owned by "root". A virus spread via the internet may still get to you, but for now most viruses are targetted to Windows machines, and Linux file structure and mechanisms naturally limit damage as long as the virus is not "owned" by "root".

Safe computing!

-- Anonymous, May 05, 2000

There are two very good ways we could stop most of these viruses/trojans from spreading.

1. Break yourself from CFD (Compulsive Forwarding Disorder). Stop forwarding every cute, frightening, spooky, or (whatever) email that comes to you automatically, without thinking. Urban legends and email hoaxes are a sort of virus of the mind, and we are becoming conditioned to react rather than think. So when that forwarded email comes from our "friend" (and everyone on the Internet seems to be our "friend" now), we automatically trust it, and open it ...
2. NEVER click on a file attachment to open it, unless you know IN ADVANCE someone was sending you something. Assume all file attachments are hostile in nature unless you can confirm otherwise from the person who sent it.

The idea about Netscape wasn't such a bad idea. I have both Outlook and Netscape on my computer, but I don't use Outlook and it is unconfigured. I prefer Netscape's interface better. Use Netscape 4.7 though; Netscape release 6 is still beta and very buggy.

-- Anonymous, May 05, 2000

Is it true that these virus-initiators are angry at Bill Gates/Microsoft and aim at Outlook Express for that reason? If so, is it possible that the goal of some of them is to benefit financially from their mischief?

Just wondering.

-- Anonymous, May 05, 2000

I don't think so ... I think its just that Microsoft Outlook is an almost universal mail program now and therefore the easiest to spread this sort of worm. This particular worm also spreads by way of mIRC, a popular chat program which has nothing at all to do with Microsoft.

-- Anonymous, May 05, 2000

| Home | The Wire | Contacts/Staff | History | Updates | INTERNATIONAL HEADLINES

If you thought the 'love bug' was bad, just wait By JASON BURKE and NICK PATON WALSH London Observer Service May 07, 2000

- You sit at your desk, park your coffee next to your mouse, fire up your computer and click to check your e-mail. And in that one tiny movement, before you have even looked to see if there are any suspicious messages, it could be too late.

Just by clicking on your "Get Mail" you could have turned your PC into a pile of useless plastic. It is every computer user's worst nightmare _ and it's coming soon to a screen near you. Brace yourself for the supervirus.

Meanwhile, the "love bug" has given us all a taste of what could be coming. Though its creator must be concerned about the police knocking on his door within hours, he must also be feeling fairly pleased with himself. The virus he set loose on the world on Thursday has already caused millions of dollars' worth of damage, more than any other virus or hacking attack since the dawn of cyberhistory.

The program worked because it was simple. It lay dormant for nearly a week before surfacing on computer screens in Hong Kong. The message _ seemingly sent by someone known to the computer user _ said "ILOVEYOU' and had an attachment which appeared to be a love letter.

Launching the attachment allowed a program to invade the computer, which not only sent copies of the e-mail to all the addresses listed on the machine but also scooped up all the passwords it could find and sent them back to the creator of the bug.

Those first clicks triggered a flood. Billions of pulses raced through the world's phone lines, spattering the virus in all directions. It was the fastest-spreading bug ever, infecting five million machines within 36 hours. Everyone from the Pentagon to the House of Commons to New Zealand universities was hit. An estimated 20 percent of the world's computers were affected.

Yet it could have been much worse. The love bug worked by proliferating at such a rate that Internet systems couldn't handle the overload. That may cause temporary collapse, but there's little long-term damage. The damage that this bug _ technically known as a "worm" _ did to picture and music files did cause problems, but these were far from catastrophic.

Cyber-sabotage of a more deadly kind by was indicated by a development in November when researchers at Network Associates, a computer security firm, received a series of e-mails with the subject heading "Bubbleboy is back!'. As they examined the virus, their eyes widened. It was, says Vincent Gullotto, director of the company's anti-virus team, "a watershed."

The Bubbleboy virus broke the long-standing rule that you have to open an e-mail attachment to become infected. By the time it was in your inbox it was too late.

Thankfully Bubbleboy, though it e-mailed itself to everyone in a computer's address book, did not have a "destructive payload' and so did little damage. Few took much notice of the quantum leap that it represented.

Virus writers have made advances in other areas. In April 1999 a virus called Chernobyl was activated in hundreds of thousands of computers in Asia and the Middle East, striking on the anniversary of the nuclear accident it was named after. Not only did it wipe out stored data, it destroyed BIOS _ the basic instructions that tell a machine how to start.

Now virus writers have married the destructive capabilities of Chernobyl with the invasive capabilities of Bubbleboy and the speed of the Love Bug. The combination is the supervirus.

According to experts, at least 50 such superviruses have already been detected on the Internet. None have yet been launched at the public. Some may not work; some may be shot down by existing virus defenses; some might get through. And that is the nightmare scenario.

A hacker known as "Dark Tangent," who heads a group which advises big businesses on their security, said the only surprise is that a "supervirus hasn't happened yet."

"For the last two years we've all been waiting," he said. "I don't know why we have not seen one. It could happen next week."

The damage a successful supervirus could do is almost incalculable. "It would be as if the Millennium Bug has actually done everything it was feared it could do," said one London-based computer security expert.

The first question confronting law enforcement agencies and commercial outfits hired to protect companies and institutions against such an attack is who would be likely to launch it. Authorities are focusing on the threat from terrorist groups, who they fear might use viruses to extort money or blackmail governments into giving in to political demands.

"The supervirus is going to happen soon," said a source close to British intelligence services. "There are people out there with that intention. They may coincide their actions with protests against the International Monetary Fund and the World Trade Organisation, just to muddy the water."

Many of the organizations connected with anarchist violence in London number hackers in their ranks.

Another threat is from hostile governments. The US defence department believes 120 countries pose a serious threat to cyber-security. They include Libya, Iraq, Croatia and Serbia. The Chinese are thought to have created military regiments dedicated to cyber-warfare.

Experts say national security authorities are only just waking up to the threat from the Internet _ a threat that will be magnified when technology allows e-mails to be read on mobile phone-type units.

Many experts also say the security agencies are looking in the wrong place. Mike Bluestone, director of Berkeley Security Bureau of London, said those who launch virus attacks are more likely to be "cyber-vandals," not "cyber-terrorists."

"Terrorists make targeted demands and like a high degree of control over their operations," he said. "A supervirus is more likely to be the brainchild of a spotty adolescent than some terrorist mastermind."

(Distributed by Scripps Howard News Service. For more Observer news go to http://www.guardian.co.uk/.)

-- Anonymous, May 08, 2000