Series of EmergencyNet News Articles Concerning the Search For Creators/Distributors of the "ILoveYou" Virus

Series of EmergencyNet News Articles Concerning the Search For Creators/Distributors of the "ILoveYou" Virus - 04 May 2000 to 10 May 2000

10 May 2000, Manila, P.I.: Officials of a Philippine computer college on Wednesday identified a student who wrote a software program that closely resembles the "ILOVEYOU" computer virus that disabled e-mail systems worldwide. The student, Onel A. de Guzman, is missing. He lives in the same apartment as Reonel Ramones, a bank employee who was arrested on Monday on suspicion of involvement with the virus, but was later released because of a lack of evidence. The software program, written as a thesis project at AMA Computer College in Manila, was rejected on 24 February, with a thesis reviewer at the school noting "This is illegal" and "We do not produce burglars."

09 May 2000, Manila, P.I.: An official said on Tuesday that U.S. FBI agents provided a list of ten people who may be connected to the "ILOVEYOU" computer virus, and Philippine investigators were trying to decode the pseudonyms. Philippine prosecutors said Tuesday that police did not have enough evidence to hold the man suspected of being a creator of the crippling computer virus and ordered him set free. His girlfriend, who shares an apartment raided Monday by investigators, is also being sought for questioning. Several FBI agents are in the Philippines cooperating in the search for the virus programmer.

08 May 2000, Manila, P.I.: Authorities on Monday detained a man after searching the home of the suspected creator of the "Love Bug" computer virus which has penetrated computers around the world. The unidentified man was led in handcuffs by National Bureau of Investigation (NBI) officers from the back of a flat in a three-story building in the Pandacan area of the capital Manila. National police are are said to be looking for a woman who may also be associated with the case. Legal experts say that a lack of effective computer crime laws in the Philippines may make prosecution of any suspected cracker(s) difficult.

In a related matter, computer security experts today say that they believe that there may be as many as thirteen (13) new variants of the "Love Bug" (.vbs) virus now "in the wild." Most, if not all, of the anti-virus vendors have issued detection and eradication programs that can be obtained on their websites.

07 May 2000, MANILA, P.I.: U.S. authorities said on Saturday they are helping police in the Philippines search for the creator of the most damaging computer virus ever, the "Love Bug" that swept around the world this week. The identity of the programmer was still unclear. Security experts in the United States said clues in the virus code pointed to a student at a computer college in the Philippines, while a Swedish researcher said traces on the Internet pointed to a bored German exchange student.

06 May 2000, NEW YORK CITY/MANILA: Copycat variants of the "Love Bug" virus burrowed their way into computers systems around the world on Friday, a day after the most widespread cyber-attack ever wreaked havoc on business and government operations. The virus, first detected in Asia Thursday, spread rapidly, forcing network administrators to shut down electronic mail systems at major companies and penetrating the Pentagon, the Central Intelligence Agency, the National Security Agency and the British Parliament. Meanwhile, in the Philippines, police said they were close to catching the hacker suspected of creating the "Love Bug" virus.

From: ERRI DAILY INTELLIGENCE REPORT-ERRI Risk Assessment Services-Friday, May 5, 2000-Vol. 6, No. 126, Pt. 2

UNITED STATES

"ILOVEYOU" Doesn't...

A new computer virus called the "ILOVEYOU Virus" hit Asia and Europe early Thursday and quickly spread to the U.S. as individuals started reviewing their morning e-mail. The e-mail, which bears the title: "ILOVEYOU" contains a message asking the recipient to open an attached file. If opened, the message will replicate and send it to all e-mail addresses contained in the individual's address book. Thus far, it appears that the virus can replicate itself using MS-Outlook, MS-Outlook Express, and possibly other mail programs in addition to MIRC (Internet Relay Chat).

Officially, the virus has been dubbed the "Love Bug" and it did cripple millions of computer systems world-wide, shutting down e-mail systems and penetrating the Pentagon and British parliament, and experts warned the worst has yet to come. Central Command Inc, a U.S. company which specializes in anti-virus protection, said: "We are now seeing four new variants of the original virus spreading rapidly in the wild and expecting this number to increase in the next few days (e-mails entitled; "Joke," "Very Funny," “Mother’s Day Order Confirmation,” and "I Miss You" are among the variants).

The virus appears to have the ability to delete files including images, MP3 and Visual Basic files. The virus appeared in Hong Kong on Thursday afternoon and struck several financial institutions and information services, including Dow Jones. The virus began spreading through Europe, infecting organizations including governmental bodies. No organization appears immune as the virus began popping up on computers around the United States on Thursday morning.

More than 18,000 Australian computer users have been hit by the virus. Anti-virus research company Trend Micro said at least ten major corporations in Australia he knew about had been hit severely.

EmergencyNet News Computer Virus Alert

08:30CDT - 04 May 2000

"ILOVEYOU" E-mail Virus Spreads Throughout World Today

By C. L. Staten

Chicago, IL (EmergencyNet News) -- It has been confirmed that a number of businesses and individuals have received an e-mail in the past 24 hours that contains the subject "ILOVEYOU." ERRI Computer analysts recommend that you NOT open any e-mail titled in this manner...it contains a virus. Delete the mail without opening it.

EmergencyNet News has received reports from Europe, Asia, and the United States that the e-mail containing this virus is rapidly spreading. Reports of the virus have been received from media companies like CNN and the Wall Street Journal, public relations firms, government agencies, and financial institutions. It is believed that it accesses existing e-mail clients on the victim's computer, replicates itself, and then sends copies of the virus to addresses on the infected machine. Many recipients have received multiple copies of the "ILOVEYOU" message.

Both government and commercial anti-virus experts are said to be working on a detection and eradication process for the virus. Few other details about the mechanism of action of the virus are immediately available. EmergencyNet News continues to monitor events concerning this and other computer security issues and will provide updates as circumstances dictate.

Additional Reference and anti-viruses programs:

National Infrastructure Protection Center: http://www.nipc.gov/

CERT Coordination Center: http://www.cert.org

Anti-virus companies:

Symantec/Norton at http://www.symantec.com/
Network Associates at http://www.nai.com/
Dr. Solomon at http://www.drsolomon.com
McAfee at http://www.mcafee.com/

© EmergencyNet News Service, 2000. May be redistributed at will to bona-fide law enforcement, emergency service and government agencies without prior permission. Others must contact ERRI/EmergencyNet News for copyright/redistribution permission.

Emergency Response & Research Institute
6348 N. Milwaukee Ave., #312
Chicago, IL. 60646
(773) 631-3774 - Voice
(773) 631-4703 - Fax
(773) 631-3467 - Modem/Emergency BBS On-Line
http://www.emergency.com - Main Webpage
webmaster@emergency.com - E-mail

Return to the EmergencyNet News page

Return to the Computer/Technical Operations Archive