Love Virus Took Advantage of Outlook

FRAMINGHAM (05/05/2000) - According to a spoofed Associated Press story making the rounds today, following the worldwide spread of the "I Love You" virus, Microsoft Corp. is changing the name of its Outlook personal-productivity software to "lookOut!"

The spoof message attributed to a phantom spokesman named Gil Bates reads: "We wanted a name that more properly set customer expectations, one that spoke to its vulnerability to attack by simple (Visual Basic) scripts and the like. A name that says to our customers, 'use at your own risk' in no uncertain terms."

Funny, yes. But security experts said Outlook does contain optional features that can make computers vulnerable to viruses such as the "I Love You" one.

Finland-based anti-virus vendor F-Secure Corp. is advising users of both Outlook and Microsoft's Internet Explorer Web browser to disable a feature called Windows Scripting Host that allows the "I Love You" virus and several identified variants to spread.

Instructions for turning off the tool on Windows 95, 98, 2000 and NT systems are listed on the F-Secure site. "This feature is not necessary," said Pirkka Palomaki, director of product marketing at F-Secure. "It is just an enhancement for certain tasks, such as sending out a mass e-mail."

According to Palomaki, the Windows Scripting Host and similar macro language tools are commonly used to automate features that could be considered repetitive tasks.

But while they make users vulnerable to viruses that can leverage an entire list of addresses to propagate themselves, most users are not aware of their existence, he said. And even if a user runs an e-mail client other than Outlook, the Internet Explorer browser will launch the scripting language if a user clicks on an infected attachment.

"Scripting languages are so powerful. You can automate so many things, but virus writers take advantage of that," Palomaki said.

David Remnitz, CEO at New York-based security vendor IFsec LLC, agreed that the complex features offered by Outlook make it less secure than other e-mail programs.

"If you write code that does what Outlook does, you open yourself up to vulnerabilities because of the advanced features the software has for executing scripting," Remnitz said. And the Windows Scripting Host "happens to be part of the operating system itself, so it's easier to exploit," he said.

Because application programming interfaces for software that's compatible with Windows are widely distributed in the development community, Remnitz added, virus writers also have ample opportunity to evaluate the code for weaknesses.

He predicted that that there will be an increased number of similar viruses as the code for Windows applications and operating systems is expanded with even more features. "As the code gets more complex, opportunities to exploit it increase," Remnitz said.

Microsoft officials yesterday said Outlook is no more vulnerable than any other e-mail client, adding that its widespread use makes the popular software a more likely target than other applications.

Remnitz agreed that, even though last year's Melissa virus and now the "I Love You" one have focused on Outlook, abandoning the product won't necessarily make users more secure. He said he'll continue to use Outlook despite the latest attack.

"Just because the last two (viruses) have focused on Outlook doesn't mean that the next two or five might not target other products that seem more secure or better designed," Remnitz said. "All of these products are rushed to market and built very rapidly. And when you have millions of lines of code, it is very difficult to ensure that this code will be used in a legitimate manner all the time.

To help avoid more virus problems in the future, Remnitz said, law-enforcement officials need to enhance their ability to track people capable of creating viruses. And anti-virus software vendors need to do a better job of identifying and addressing risks, he added.

"Ninety-five percent of the time, they do a great job," he said. "But they didn't pick up on this.... This thing slipped right under the covers."

Join the newsletter!

Error: Please check your email address.

More about F-SecureIFsecMicrosoft

Show Comments

Market Place

[]