E-Mail Virus Takes on New Disguises
E-mail systems were bombarded again Friday by a nasty computer virus with new disguises, but computer users stung by the first masquerade as a love letter were better prepared when the bug began showing up as an e-mail joke or a Lithuanian invitation to coffee.
Antivirus software makers rushed out updates to fight as many as seven new variations of the ``love bug,″ including another one that pretends to be a receipt for a Mother’s Day gift.
The original virus, which is labeled ``ILOVEYOU″ and carries an e-mail attachment called ``LOVELETTER,″ struck in at least 20 countries on Thursday, overwhelming computer networks and destroying important computer files.
Damage estimates from the outbreak started at hundreds of millions of dollars, though mostly in lost work time; some experts said the cost could reach $10 billion.
Seattle-based Safeco Corp., which has more than 11,000 employees nationwide, was among the businesses that turned to handwriting, telephones and other means of communication as the virus forced them to shut down e-mail and instant messaging systems.
``This thing has caused a major hassle,″ said Le Roi Brashears, a spokesman for the insurance and investment company. ``We had to resort to digging out the floppy disks and using pencil and paper.″
Some organizations suffered heavy damage, however, as the virus destroyed files storing crucial information, pictures and video.
The CERT Coordination Center, a government-chartered computer emergency team at Carnegie Mellon University in Pittsburgh, cited an unidentified Web startup company where the virus destroyed the equivalent of 70,000 photographs stored in a popular digital image format that the bug is programmed to attack.
CERT said that one infected organization with 12 computers was facing $30,000 in recovery and lost productivity costs.
The FBI and authorities in the Philippines were investigating leads suggesting the virus originated in Manila, including clues embedded in the virus’ program code and information from an Internet service provider.
``It could be a lead or a red herring,″ said one FBI official, who spoke on condition of anonymity. ``We’re not at a point where we are able to definitively say what the origin was.′ ″
The FBI expanded its criminal probe on Friday to include the new variations of the virus, which potentially were created by copycat programmers who altered the code of the original bug.
The first copycat version of the virus began whipping across e-mail systems by Thursday night, masquerading as a joke passed on by an acquaintance with an attachment labeled ``Very Funny.″
But although it was spreading with the same lightning speed as the original, computer security firms reported far less damage among their customers _ possibly as a result of the software inoculations deployed by systems managers on Thursday and a more wary attitude among computer users who were caught off guard by the first attack.
``It’s definitely calming down, at least with `LOVELETTER,′ ″ said Sal Viveros, a director at the McAfee security division of Network Associates.
The joke version ``is spreading very, very quickly, but nowhere as quickly as ‘LOVELETTER’ because people are really aware of not clicking on attachments, and many people got a cure for ‘LOVELETTER’ that blocks new variants,″ Viveros said.
McAfee and other antivirus firms said they were receiving only isolated reports of the Mother’s Day version and another with a subject line reading, ``Susitikim shi vakara kavos puodukui,″ which translates from Lithuanian as ``Let’s meet tonight for a cup of coffee.″
In all cases, however, experts cautioned computer users not to open any suspicious e-mail attachments, the mechanism that releases the virus to burrow into a computer hard drive or network and destroy files.
Friday’s victims included United Nations headquarters in New York, where the e-mail system was temporarily shut down as a precaution even as the organization was grappling with a hostage crisis in Africa.
There were a wide range of attempts to quantify the extent of the outbreak, which most agreed was the worst yet in scope and damages.
Computer Economics Inc., a research company based in Carlsbad, Calif., said 45 million people worldwide received the infected e-mail on Thursday and estimated damages at $2.6 billion for the first day alone _ and could go as high as $10 billion before it’s contained. By contrast, viruses caused an estimated $12.1 billion in damage during all of 1999.
Computer Associates International Inc., an Islandia, N.Y.-based computer services provider, said tens of thousands of corporations have been hit, translating into tens of millions of machines and damages in the hundreds of millions.
EDITOR’S NOTE _ Associated Press Writer Michael J. Sniffen contributed to this report from Washington.
On the Net:
National Infrastructure Protection Center at http://www.nipc.gov/
CERT Coordination Center at http://www.cert.org
Anti-virus companies, including Symantec at http://www.symantec.com; Network Associates at http://www.nai.com; Dr. Solomon at http://www.drsolomon.com