ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Internet

Online business Toolkit

ISP confirms bug's Filipino connection

Robert Lemos, ZDNet News ZDNet.co.uk

Published: 05 May 2000 10:49 BST

Sky Internet, the Quezon City, Philippines, Internet service provider that inadvertently hosted some of the "ILOVEYOU" worm code, said late Thursday that the company has tracked the bug to another hosting service, but its efforts have apparently stopped there.

"Our service was used as a gateway," said Ronald Eociario, a system administrator for the ISP. "We already have pinpointed the (suspected source)."

Eociario said he used log files to track the account's users to another ISP in the Philippines, but "we're not sure whether they're the (originating) host."

Instead, the worm writer could have obfuscated his identity by passing through several accounts before creating the four accounts that contained the code. That's a common practice among traditional network attackers.

The worm, which is officially called W95.ILOVEYOU.bin.worm and VBS_Loveletter-o, contacts one of four Web pages hosted on Sky Internet to download malicious code, in addition to its e-mail-spamming and infection components. Researchers have determined that the code copies system passwords and forwards them on to an email address based in the Philippines. Sky Internet has since taken the file -- called WIN-BUGSFIX.exe -- offline.

The four Web pages that acted as remote download sites for the worm have been shut down, Eociario said.

Early worm catches the user?

Sky Internet first noticed the effects of the worm when traffic spiked at 4 p.m. local time (1 a.m. PST) on Thursday, signalling that a large number of computers had been infected and were dialing in to be "updated."

The ILOVEYOU worm first hit companies in Asia early Thursday morning and moved through Europe and then the United States as workers opened their early morning email. The worm activates when users click on an attachment "LOVE-LETTER-FOR-YOU.TXT.vbs," replacing files with its code, mass mailing itself out and then attempting to connect to the servers in the Philippines.

Researchers confirmed that WIN-BUGSFIX.exe installs itself and then attempts to copy passwords. The passwords are then e-mailed to another account in the Philippines.

The National Infrastructure Protection Centre, an agency jointly run by the FBI and the Department of Justice, said they were investigating the issue, but would not give details.

What do you think? Tell the Mailroom. And read what others have said.

Go to our ILOVEYOU Special Report

Did you find this article useful?
43 out of 97 people found this useful

Share this article:

Digg

Slashdot

Del.ici.ous

Stumble

Reddit

Post a comment

Full Talkback thread

0 comments

Related Links

Reviews Google Apps Premier Edition

News Virus writers claim Blair's email account was hacked

News IE flaw puts credit card info at risk

News On the trail of the ILOVEYOU author

News Hotmail flaw may have been admin tool gone awry

Most Recent

Most Popular

Most Discussed

Infosys Q2 results buck economic downturn

IBM invests in business partners' training

EDS loses unencrypted armed-forces data

Dell Inspiron Mini 9 with Vodafone mobile broadband

First touchscreen BlackBerry unveiled

RIM: BlackBerry Storm was Vodafone's brainwave

Accenture UK job cuts to hit IT workers

Batteries law could force iPhone design change

ISO offers to take on ODF maintenance

Dell Inspiron Mini 9 with Vodafone mobile broadband

Netbook returns blamed on Linux 'teething problems'

Microsoft throws another lifeline to Windows XP

More In Online business

Hacked iPlayer for Symbian Series 60 in action

Ballmer's quest to rival Google in search

Ten tweaks to love (and hate) in IE8

Company/Topic Alerts

Create a new alert from the list below:

ISP
Worm
.vbs
Sky Internet

FBI
iloveyou
Philippines

Related Jobs

Service Desk Analyst

Snr Network Engineer - Leicester - Permanent

Service/Relationship Manager (SLA/MS Office/ISP)

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Post a comment

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment

Install Flash Player Plugin

Skip Sub Navigation Links to CNET Brand Links

Email address: Password:
Remember me

Help

Become part of the ZDNet community.

Sign up now!
or Take a Tour

Security threats

Mobile devices

Application development

Network management

Desktop platforms

Security management

Databases

Processors

Server platforms

Storage

Mobile working

Office applications

After hours

Mail & messaging

Training

Disaster recovery

Enterprise applications

VoIP

Emerging tech

Green IT

Outsourcing

Virtualisation

SME

Enterprise open source

Industry watch

Online business

Accessibility

Management

Intellectual property

Compliance

On the Road

Sentry Posts

Vista Upgrade

Uptime

Small Business

Homebrew Blog

Rupert's Diary

News

Reviews

Post Room

Not safe for work

Daily News

ZDNet Insight

ZDNetWeek

ZDNet Events

Mobile Update

Communications Update

IT White Papers

Security

Software Tools

Reviews & Prices

Netbuyer Best Deals

ZDNet Announcements

IT Jobs

ZDNet.co.uk

CNET Networks

Home

Site Map

RSS Feeds

Content Archive

ZDNet.co.uk Mobile

Search Library

Membership

Log in

Register

Forgotten Password

Membership benefits

Newsletters

About Us

Contact Us

Find Us

Privacy Policy

Permissions and Reprints

International

Advertise

News

Hardware News

Software News

Communications News

Internet News

Security News

IT Management News

Emerging Technology News

Leaders

Blogs

Group Blogs

News blog

Reviews blog

Not Safe For Work blog

Rupert's Diary blog

Sentry Posts blog

Vista Upgrade blog

On The Road blog

Homebrew blog

Post Room blog

Uptime blog

ZDNet UK Staff Blogs

Rupert Goodwins

Charles McLellan

David Meyer

Tom Espiner

Colin Barker

Karen Friar

Core Techs Expert Blogs

Adrian Bridgwater

Peter Judge

Christian Harris

Tech Community

Top 100 ZDNet UK Members

My ZDNet Tour

Forums

Competitions

Community FAQs

Benchmarks

Business Value benchmark

Server Value benchmark

Desktop Management benchmark

Mobile Security benchmark

White Papers

Most Popular white papers

Free Software Downloads

Windows downloads

Mac downloads

Mobile downloads

iPhone Apps downloads

Reviews

Hardware reviews

Accessory reviews

Audio reviews

Component reviews

Desktop reviews

Handheld reviews

Imaging reviews

Input Device reviews

Mobile Phone reviews

Monitor reviews

Netbook reviews

Networking reviews

Notebook reviews

Printer reviews

Projector reviews

Server reviews

Storage reviews

Software reviews

Content Creation reviews

Developer Tool reviews

Enterprise Application reviews

Operating System reviews

Productivity software reviews

Security reviews

Utility reviews

Editor's Choice reviews

Buyer's Guides

Tech Guides

Tech Resources

Company Pages

Technology Events

Research Panel

IT Jobs

Articles

Case Studies

Comment

FAQs Articles

Features

Image Galleries

Tutorials

Video stories

Research

Compare Prices

Laptop prices

Cheap Laptops

Desktop prices

Mac laptop prices

Mac desktop prices

Tablet PCs prices

PDA prices

Printer prices

Printer cartridges prices

Scanner prices

Monitor prices

Windows oftware prices

Server prices

Special Features

Broadband Speed Test

CIO Vision Series

Dialogue Box

Advertising Features

Intel Make the Case

CNET Networks UK

atlarge.com

BNET UK

CNET.co.uk

CNET.co.uk Reviews

CNET.co.uk Crave

CNET.co.uk Video

CNET.co.uk Check Prices

CNETTV.co.uk

GameSpot UK

silicon.com

silicon.com Comment

silicon.com Management

silicon.com Hardware

silicon.com Software

silicon.com Networks

silicon.com Services

silicon.com White Papers

SmartPlanet.com

ZDNet.co.uk

CNET Networks in Europe

businessMOBILE.fr

CNETFrance.fr

CnetTV.fr

CNETGadget.fr

GameKult.com

GOOSTO.fr

MusicSpot.fr

ZDNet.fr

CNET.de

silicon.de

ZDNet.de

CNET Networks in the United States

BNET

CHOW

CNET.com

CNET Channel

Download.com

GameFAQs

GameSpot

mySimon

Search.com

TechRepublic

TV.com

UrbanBaby

ZDNet

CNET Networks in Asia Pacific

businessMOBILE Asia

CNET Asia

CNET Asia TV

GameSpot Asia

ZDNet Asia

Apple Source

Builder AU

CNET.com.au

GameSpot AU

ZDNet Australia

CNET Japan

Japan ZDNet

GameSpot Japan

taiwan.CNET.com

Builder China

Cnetnews China

CWEEK China

Ea3w.com

Fengniao

GameSpot China

Netfriends China

PChome.com

PcPro China

Solidot.org

SPN China

XCar China

XiyuIT.com

ZDNET China

ZOL China