ILOVEYOU reports keep coming in
Published: 04 May 2000 11:28 BST
The ILOVEYOU worm has infected countless European corporations, upto 10 percent of UK computers and is playing havoc with the government's communications. All this a few hours after it was first spotted earlier today.
The Cabinet Office says the government has been forced to shut down its email system after the malicious worm began to proliferate. The House of Commons has reportedly been brought to a standstill and a spokeswoman confirms that all electronic communications between government ministers has been halted. Head of the House, Margaret Beckett, issued a statement warning of the danger. In it she said the Commons had acted "swiftly" and "appropriately".
Even the NHS, with its strict controls on how email is used by staff, has reported that several departments have been hit by the ILOVEYOU worm.
But it is the large corporations that depend so much on electronic communications, who have been hardest hit. Lucent, Credit Swiss, Barclays and World Online have all reported major difficulties, including lost data.
One source said early Thursday, "We've just scanned one of our file servers as we noticed that the used space had greatly gone down." That source later reported that over 60Gb of JPGs -- graphics files -- had been deleted from his company's hard drive.
Although most anti-virus companies have issued patches for anti-software that will stop the worm spreading, it is clear that the damage has already been done. A spokesman for AT&T told ZDNet: "We picked up the worm and from what we have learned so far, there are no worm detectors that can deal with it yet."
The spokesman added: "We think it does two things. First it seems to send out an instruction to the global address book in Outlook. This goes out to a much bigger number of targets than Melissa did. It also sends users to www.skyinet.net by reconfiguring the default home page in Internet Explorer. We're not sure why it does this at present."
Anti-virus firm Sophos, describes ILOVEYOU as the fastest spreading worm since the Melissa outbreak of last year. Virus experts at MessageLabs described the worm as the "worst virus attack ever seen."
Experts agree that ILOVEYOU is written in Microsoft's Visual Basic scripting language and borrows some script from an earlier worm -- the KAK worm. It damages files with the extensions: .vbs, .vbe, .js, .jse, .css, .wsh, .sct, .hta, .jpg, .jpeg .mp3, .mp2. It uses the global address list in Microsoft Outlook and the nickname list in the MIRC messaging application to propagate.
Towards the end of the day, ZDNet was receiving reports that suggest the worm is able to glean network passwords which can then be passed to a remote computer. These reports have not been corroborated.
Probably the most shocking aspect of ILOVEYOU is the speed at which it spreads. By 3pm GMT first reports were already coming in of US organisations that had been hit by the worm.
Despite the worm attacking Microsoft's Outlook, the software company had no comment after several telephone calls.
If you receive an email with the attachment to your email is: LOVE-LETTER-FOR-YOU.TXT.vbs you are advised not to open this attachment.
Were you hit? Tell the Editor
Take me to the Melissa Worm special.
Take me to the Worm Workshop.
Did you find this article useful?
73 out of 110 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
