There's nothing innovative about the Love Bug's technology, writes Lindsay Clark

Although the I Love You virus has proved to be one of the most damaging in the history of the Internet, there is nothing particularly innovative about its technology.

The virus uses a very similar method of distribution to Melissa, which caused millions of pounds worth of damage to businesses last year.

Technically a "worm", Love Bug does not actually replicate itself like a true virus. Instead it relies on Visual Basic scripting within Microsoft Outlook and Microsoft Windows to copy and forward the malicious code.

The Love Bug virus forwards itself to the entire contents of an e-mail address list, which could number thousands of individuals in large organisations. It also e-mails further copies to any organisational sub-groups of the mailing list and the user's personal address book.

It was the sheer volume of e-mail traffic caused by the rapid proliferation of the virus that clogged up e-mail servers and network bandwidth, bringing electronic communication in many business to a halt.

In addition, the virus has a payload that will damage computers' systems. Love Bug can replace Mpeg music files, Jpeg picture files, and some VBS and other system files. Once infected, the files will have the same name, but with different extensions which include the virus code.

IT departments are trying to establish how effective the virus is at replicating in this way. At the very least, companies that use picture files heavily could have much of their data lost or corrupted. Some of these files are also dropped into the system directory and will activate the virus every time the PC is booted up.

Users who have opened the file attachment, which was entitled Love-letter-for-you, also had their Internet Explorer home page reset to skyinet.net. The page suggested users should download a file called win-bugfix. exe. Far from fixing the bug, this program attempts to steal passwords from the user's system and e-mail them to the attacker's address in the Philippines.

Although this may have been used as a method for the virus author to launch hacking attacks, it is unlikely that many people downloaded the bugfix file, because the Web site supplying it was shut down at an early stage in the life of the virus, explained David Chess, anti-virus expert with IBM Research.

The most effective method of defending against the virus is to shut down your Internet connection, Chess said. However this is an extreme measure that should be balanced against the extent to which your business relies on e-mail to continue running effectively and the losses a shut down would incur.

Commentators have been critical of Microsoft products because of the number of opportunities they present virus writers. Chess said that the Unix operating systems have some advantages over Windows, because they have are multi-user and are therefore more aware of alien code being loaded to the desktop. However, he said no platform could be completely free of viruses. "Even in the most cleverly designed systems there is still a niche that viruses can live in," he warned.

Leader

More e-security news

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in May 2000

 

COMMENTS powered by Disqus  //  Commenting policy