ILOVEYOU has sinister side

05/04/2000

ILOVEYOU has sinister side BY Dan Verton, Judi Hasson, Natasha Haubold, Diane Frank

The "ILOVEYOU" computer virus that has infected hundreds of thousands of systems worldwide reportedly includes hidden code developed in the Philippines that collects network passwords and transmits them to a World Wide Web site maintained by an unknown attacker.

The virus code has been sent to the National Security Agency for evaluation. However, some security and intelligence experts have warned that it is too early to know whether the virus contains components that have intelligence and national security implications.

According to security experts, the file WIN-BUGSFIX.exe is a backdoor created in the Philippines that collects the network passwords cached in Microsoft Corp.'s Windows operating system and then sends them to a Web site when the infected user connects to the Internet.

Dave Jarrell, director of the Federal Computer Incident Response Capability, said no one is 100 percent sure what the executable does. However, he added, the virus attempts to hide the fact that it has downloaded the executable file by masquerading it as a benign application file, like a JPEG picture file. "It could feasibly go out and do this over and over again," he said.

According to moderators on the Bugtraq security listserv, "It seems the WIN-BUGFIX.exe file will e-mail any cached passwords to MAILME@SUPER.NET.PH."

Narender Mangalam, director of security strategy for Computer Associates International Inc., confirmed that there is a more malicious aspect to the virus and that there could be national security implications because federal agencies were infected. "All of it is a little hypothetical right now, but that does not mean it can't happen," Mangalam said.

The company has posted a patch on its Web site that Mangalam said protects systems against the entire virus and added that officials may know more about its origin as early as Friday.

FedCIRC has been working with the National Infrastructure Protection Center's analysis and warning center, as well as the National Security Agency and the Energy Department's Computer Incident Advisory Capability.

DOE, which has had its share of cybersecurity problems, ordered security guards to meet employees at the agency's building entrances in Washington, D.C., this morning and warn them about the ILOVEYOU virus. The guards told employees not to open e-mail with it. Nevertheless, the virus apparently entered the computer system.

"It is still spreading," said DOE spokeswoman Ruth Vass. "Some of the machines are frozen."

However, it was unclear whether the virus had spread to DOE facilities outside of Washington, D.C., she said.

http://www.fcw.com/fcw/articles/2000/0501/web-love2-05-04-00.asp

-- Martin Thompson (mthom1927@aol.com), May 05, 2000

Answers

Good post Martin. This is an important story.

-- (Dee360Degree@aol.com), May 05, 2000.

Good catch, Martin. I agree, Dee.

-- Rachel Gibson (rgibson@hotmail.com), May 05, 2000.

Saturday, 6 May, 2000, 01:11 GMT 02:11 UK

Virus hits Pentagon secret network

The Love Bug computer virus infected four classified military systems in the United States, the Defence Department has announced. A statement from the Pentagon said the affected systems were quickly isolated and there were no reports of any impact on military operations.

On Friday new versions of the devastating computer virus threatened to wreak fresh havoc on computers across the world.

The computer security firm Symantec says it has found 10 copycat viruses able to elude software designed to block messages with the original Love Bug virus.

Computer analysts say that the damage caused by the virus could run into billions of dollars.

Pentagon infected

In a statement, Pentagon spokesman Kenneth Bacon said four classified internal systems were infected.

"Despite these episodes, the Joint Task Force on Computer Network Defence says that it has received no reports that the virus had an impact on military operations," Mr Bacon said.

It is unclear how the virus penetrated the Defence Department's classified computers, which are physically separate from unclassified systems.

The classified systems use their own fibre-optic lines and computer terminals, designed to prevent intrusions by hackers or viruses.

http://news.bbc.co.uk/hi/english/sci/tech/newsid_738000/738276.stm

-- Martin Thompson (mthom1927@aol.com), May 05, 2000.


Boy, this is hard to believe: The I Love You virus hit FOUR "classified" U.S. Defense Dept. systems.

I thought all classified U.S. Defense Dept. systems were INTRAnet, not INTERnet.

-- JackW (jpayne@webtv.net), May 05, 2000.


Love Bug Hits Pentagon

'ILOVEYOU' Hits Two Classified Computer Systems

Culprit Tracked To Philippines

Virus Has Morphed Into At Least Eight New Forms

(CBS) The Pentagon said Friday that the devastating "love bug" worldwide computer virus hit two U.S. military computer systems, CBS News Correspondent Jim Axelrod reports.

Sources said one of the systems attacked was at the National Security Agency.

Pentagon spokesman Ken Bacon, who didn't name the agencies involved, said one of the agencies using one of the systems reported that less than 1 percent of the network was contaminated and it was quickly isolated and cleaned by technicians. He described damage as minimal.

President Clinton made similar comments earlier, saying, "We've been very fortunate that the government has fared well here."

snip

http://cbsnews.cbs.com/now/story/0,1597,191800-412,00.shtml

-- Martin Thompson (mthom1927@aol.com), May 06, 2000.
