IT staff renew virus battle today

Many local IT staff have spent the weekend battling the effects of the Love Letter worm, the most pervasive and damaging virus in history.

Many local IT staff have spent the weekend battling the effects of the Love Letter worm, the most pervasive and damaging virus in history.

Love Letter, a worm with virus qualities, turned up in New Zealand on Friday morning, after raging through Europe. By late Friday the Internet security company estimated that the virus had already infected more than a million computers, causing in excess of $100 million in damage.

Early victims on Friday included two New Zealand government departments, Education and Fisheries, media company INL, IT distributor Axon Computertim. Emails to Vodafone on Friday were met with a "disk full" error message from mail servers, suggesting a substantial infection.

IDG Communications got off "relatively lightly" with the virus and its subsequent mutations, according to IT spokesman Kalman Bekeski. IDG is standardised on Lotus Notes, and not Microsoft email products, which have been the prime means of spreading the virus, but still suffered from one of its other effects - the loss of image files on infected PCs, as the virus replaced them with copies of itself. Most affected files were backed up, he said.

Xtra, meanwhile says it has installed a range of "filtering processes" aimed at catching virus-laden emails. Sales and marketing manager Kevin Kenrick says the ISP has deleted more than 17,000 messages.

"Message filtering has now slowed to approximately 2 messages per minute from a peak of 2 messages per second on Friday morning," Kenrick said on Saturday. "Our key focus now is to identify any new variants of the virus."

Some reports are claiming there are now as many as 60 variants of the virus, with the I Love You message being joined by others headed 'Mothers Day Order Confirmation', 'Dangerous Virus Warning'

Few countries in Asia, where the virus first struck, have been spared in the past three days. Businesses in Australia, Singapore, Taiwan and Vietnam all reported being hit on Friday.

Singapore's Computer Emergency Response Team reported many instances of the virus, as the country has large numbers of small businesses with few in-house computer skills.

"All our e-mails today have some virus attached to them," said Gabriel Wong, an associate with Singapore's East-West Public Relations on Friday. "We've had the network people in, but we can't seem to get rid of the virus. We're now worried about sending e-mails out in case we affect other people."

The virus has also hit several private sector companies in Vietnam and will probably hit government departments as well, according to Ho Chi Minh City Internet consultant Andrew Marshall.

The purported author calls himself or herself "Spyder" and is apparently a teenager in the Philippines, according to investigators who tracked the worm's origin to two e-mail addresses. But there is no proof the hacker was based in the Philippines, since the service was prepaid and there is no way to trace who owned the accounts, the investigators said.

The virus uses Visual Basic Script (vbs), which is used extensively to automate all common Microsoft office products as its mechanism for infection, spread and damage. It also invokes a particular Windows Internet relay chat client called MIRC and may attempt to replicate to all recipients of the chat channel or those who join afterwards, said.

All LAN machines are infected as well. The virus exists with numerous first names, but always with a file extension of vbs (*.vbs) and always exists as a file with size of 10,309 bytes. Preliminary analysis suggests that the virus may also steal passwords from a user's machine and attempt to send these to another site on the Internet, ICSA said.

The impact of the virus in Australia was less widespread than in Europe or North America probably because many businesses were closed for the day before the virus messages arrived on Thursday, Frances Ludgate, business manager for CA's Etrust security software. said.

"Not having it happen during our working hours means we have been able to deal with it," Ludgate said.

Further helping to dull the impact, China and Japan have been out on holidays this week, she added.

"China and Japan should be well aware of this when they come back, but they probably will still be hit" to a lesser degree when businesses reopen on Monday and users find variants of the virus message in their inboxes, Ludgate said.

An extended May Day holiday in China seems likely to reduce the impact of the virus there, said Christine So, a representative of Symantec in Hong Kong. Symantec received no inquiries or infection reports from China, she said, though it received about 60 inquiries and several reports of infection in Hong Kong.

However, the virus caught some Asian businesses.

A business manager at one public relations agency in Hong Kong got the Love Letter e-mail late Thursday afternoon and opened the attachment.

"What fooled me with this virus was that it actually replicated to our internal e-mail system," said David Croasdale, business manager at Newell Public Relations, in Hong Kong. Croasdale said he uses Microsoft Exchange for internal e-mail and another application for external mail.

The virus infected 800 files on his PC and reset his Internet home page from Yahoo to the site of an ISP in the Philippines, Croasdale said. The infected files included mostly JPEG graphics files, as well as Internet Explorer temporary files of Web sites, Croasdale said.

"I assume they're all lost, but that's not a big deal, because other people in the office have copies of those files," Croasdale said.

An executive at the Hong Kong office of one multinational software company said his office is without e-mail because of the virus.

"We haven't been affected in Hong Kong, but our mail server is connected to the States," said James Cottrell, marketing manager at SAS Institute Hong Kong. "A few people there have had this, so as a safety precaution, they've taken down the mail server."

Ted Cheng, Greater China manager for Onyx Software, in Hong Kong, was doubly infected Thursday night. Sick at home with a viral fever, he received the Love Letter message and opened the attachment. Microsoft Outlook immediately began propagating it through e-mail messages.

"I tried to unplug the telephone line from the computer, then I tried to delete all those mails that were in the out box. By then, it was about 140 messages," Cheng said. He estimates 20 actually went out from his computer.

"I have a virus and a virus," Cheng said. He had one piece of advice to pass on: "Don't fall in love at first sight.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments