Variant of Love Bug Virus Spreading

Friday, May 19th 2000, 12:00 am
By: News On 6

NEW YORK (AP) — The FBI was investigating a new computer virus, said to be both smarter and more destructive than the worldwide ``Love Bug'' plague, Attorney General Janet Reno said today.

By early morning, the FBI had reports of up to 1,000 machines being affected with the new virus, christened ``NewLove.'' Virus experts said it was not spreading as fast as the ``Love Bug,'' but could cause a lot of damage to infected computers.

The new virus was detected at several large companies late Thursday, said Dave Perry, spokesman for anti-virus software maker Trend Micro Inc., based in Cupertino, Calif. He would not identify any of the companies affected.

Simon Perry at software company Computer Associates International Inc. in Islandia, N.Y., said they had reports of thousands of computers across the United States being infected, and the count was likely to reach the tens of thousands.

``If this gets to 100,000 machines, versus millions for the `Love Bug,' that's more damaging'' because the new viruses erases more files and chrashes computers, Perry said.

Computer Associates said the virus seems to have spread from Israel, but it was too early to say if it was written there.

While the ``Love Bug'' or ``LoveLetter'' was given away by the ``ILOVEYOU'' subject line of the e-mails that carried it, NewLove is more devious.

``This new version can change the subject line and the program code every time it is retransmitted,'' Reno said at her weekly news conference. ``This makes the virus more difficult for users and anti-virus programs to detect.''

The subject line of an e-mail infected with starts with ``FW: '' and includes the name of a randomly chosen attachment from a previous e-mail on an infected computer. The e-mail will have an attachment with the same name. The attachment may have a ''.vbs.'' extension visible.

Clicking on the attachment will activate the virus. Like ``Love Bug,'' it will send it self to everybody in the user's address book. It will then overwrite most files on the hard drive, rendering the computer useless until the operating system is reinstalled.

``This worm is too destructive to go very far,'' said Mikko Hypponen at anti-virus company F-Secure Corp. in Finland. ``When people were hit by LoveLetter, they didn't notice it until they were contacted by people who they had sent the virus to. With NewLove, your computer crashes immediately and you loose your files. It's difficult to miss that.''

As with the ``Love Bug,'' it will only spread from recipients running Microsoft's Outlook e-mail program. However, it will destroy files when the attachment is opened in another program if the computer is running the Windows 98 or Windows 2000 operating systems, or has Internet Explorer 5.0 installed under Windows 95.

The ``Love Bug'' spread like an avalanche to millions of computers two weeks ago. Estimates of the damages caused range up to $10 billion.

Trend Micro's Perry said he hoped that increased awareness among e-mail users would hold back the spread of the new virus.

``Any time a virus hits a week after another virus, its potency is diminished,'' he said. ``People tend to be a little more cautious.''

The larger size of this virus's attachments are more likely to crash e-mail servers, experts said. The ``Love Bug'' had a small attachment, but crashed e-mail servers all over the world when it sent millions of copies of itself through the systems at once.

The search for the author of the ``Love Bug'' has led investigators to the Philippines, where several people have been questioned.

The relatively simple virus was followed some hours later by slightly modified variants, posing as jokes or confirmations on Mother's Day gifts. None of the variants were very widespread.

Microsoft has said that it will make available a modification to Outlook next week that will warn users about suspect e-mail attachments.


EDITOR'S NOTE: Associated Press Writer Michael Sniffen in Washington contributed to this report.


On the Net:

Trend Micro:


Microsoft Office Update:

CERT Coordination Center:

National Infrastructure Protection Center: