yahoo

Saturday May 6 3:22 PM ET

Philippine Police Wait for 'Love Bug' Warrant

By Sharon Buan

MANILA, Philippines (Reuters) - Philippine police said Saturday they were awaiting a judge's warrant to arrest the hacker suspected of creating the ``Love Bug'' virus which has crippled computers worldwide.

``They informed me that there was no judge available, although we are trying our best to contact one,'' National Bureau of Investigation Director Federico Opinion told Reuters by telephone.

``Nothing will happen until tomorrow (Sunday) morning,'' Nelson Bartoleme, the head of the Bureau's anti-fraud and computer crimes division, told reporters.

But he indicated Bureau agents had placed the suspect, believed to be a 23-year-old man living in a crowded Manila suburb, under watch. ``Our operatives are out in the field for surveillance,'' he said.

Police and Internet service providers (ISPs) earlier confirmed the suspect lived in the Manila suburb of Pandacan, but Bureau officials said they had not yet confronted him and would not say why.

Some Bureau officials privately said the man had been identified, but would give no further details. Only one man is at the focus of their investigations, they said.

Swedish Expert Points To German

In Sweden, however, a computer expert said Saturday he believed an 18-year-old German exchange student in Australia was responsible for the virus.

The originator went under the name of ``Michael'' and had left traces on Internet user groups, according to Fredrik Bjorck, a Stockholm University researcher in data systems.

``I have good reasons for saying I have probably found the originator of the Love Letter virus,'' Bjorck told the Swedish news agency TT.

``The Love virus was activated in the Philippines but it is not certain whether Michael was there in person,'' Bjorck said.

Bjorck helped the Federal Bureau of Investigation (FBI) trace the destructive Melissa computer virus last year, TT said.

The Washington Post newspaper said in its Saturday editions that the FBI had traced the virus to the Philippines through a fairly obvious electronic trail and was ready to seize computers used in the attack once it got court permission.

Access Net Inc earlier said the virus had first spread through two e-mail addresses in its prepaid Internet service network, Supernet. The addresses the hacker used -- spyder(at)super.net.ph and mailme(at)super.net.ph -- have been frozen.

Jose Carlotta, chief operating officer of Access Net, said the virus could have originated elsewhere but the data retrieved from the e-mail accounts pointed to a Filipino in Pandacan.

``That's the lead we were able to garner from the communications and the mailbox,'' he said.

Carlotta said his firm and other ISPs hit by the virus had given all the information they had to the authorities.

``Last night we gave them all the information we know already. I have spoken with the general manager of SKY Internet and they're working more closely with the Federal Bureau of Investigation through the NBI,'' he said.

``I think they're already waiting for some more subpoenas to be able to take further action.''

Prior Hacking Bid

SKY Internet said Friday the virus was brought into its network by someone who had previously attempted to hack into its system. The virus was routed through a fake account at Impact, another ISP.

SKY said it had given its audit trails of the virus to the NBI, the FBI and Interpol.

Both Access Net and SKY said the information would be enough to track down the originator of the virus.

The ``Love Bug'' is being called the fastest-moving and most widespread computer virus ever, affecting brokerages, food companies, media, auto and technology giants worldwide. Universities and medical institutions have also been hit.

The original virus is carried by e-mails with the subject line ``ILOVEYOU,'' enticing users to click on the message, which then cripples their systems. Its second component stays in computers to steal passwords and e-mail them to mailme(at)super.net.ph.

Although the virus seems to have started in the Philippines, systems there and in much of Asia have escaped largely unscathed as several markets were on holiday this week. But the full extent of the virus will likely become clearer next week.

In Japan, however, a software company said Saturday the virus had spread quickly although the full extent of the damage would not be known until Monday when millions of workers return from a long holiday break.

According to the Japanese Internet company Trend Micro Inc, an on-line scan they conducted showed that at least 28,000 messages had been tainted with the virus.

New Zealand's largest telecommunications operator Telecom said it had deleted more than 17,000 messages carrying the virus from its Internet service and was searching for new variations.

Experts said the virus was likely to engender more variants in the coming weeks. Some copycat variants already detected took the form of Mother's Day gift notices, jokes, and anti-virus warnings.

-- Rachel Gibson (rgibson@hotmail.com), May 06, 2000