ad info technology > computing
  myCNN | Video | Audio | Headline News Brief | Free E-mail | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Destructive 'ILOVEYOU' computer virus strikes worldwide

Destructive 'ILOVEYOU' computer virus strikes worldwide

May 4, 2000
Web posted at: 10:51 AM EDT (1451 GMT)

(CNN) -- On Thursday, saying "ILOVEYOU" was especially hard to do. A self-propagating computer worm has infected government and business computers in Asia, Europe and the United States.

The virus was first reported in Hong Kong, spreading through Microsoft Outlook e-mail systems and through a popular Internet Relay Chat program.

Two anti-virus companies, Symantec, which makes Norton Anti-Virus, and F-Secure, have posted "virus definition" files for the "ILOVEYOU" virus. Those files have so-called "fingerprints" for the virus, allowing those programs to detect and eliminate it.

How many 'ILOVEYOU' e-mails did you get?

More than 40
View Results

The virus is "widespread" at the U.S. Senate computer system, according to Elizabeth McAlhany of the Senate Sergeant At Arms office. Every Senate office has been paged, alerted them to the virus. The Senate's internal e-mail system was shut down.

Effects are minimal at the House of Representatives, although "hundreds of thousands" of copies of the virus were deleted, according to the Committee on House Administration which is overseeing the defense efforts.

"By all looks, it doesn't appear to be too bad," Jason Poblete, a spokesman for the committee told CNN. "No one knew it was coming. But we won't know about permanent technical damage until it's over," he said. The House e-mail system is still operating, Poblete said.

Britain's House of Commons was also hobbled by the virus.

"I have to tell you that, sadly, this affectionate greeting contains a virus which has immobilized the House's internal communication system", said House leader Margaret Beckett.

In Hong Kong the virus appeared late in the afternoon, and is reported to have hit public relations firms and investment firms particularly hard. Dow Jones Newswires and the Asian Wall Street Journal were among the victims.

In Europe, the virus reached European parliaments, big companies and financial traders early Thursday.

Officials at the Norwegian anti-virus company Norman said they first heard of the virus around 10 p.m. CET.

"The virus first showed up on my desk one hour ago", virus analyst Snorre Fagerland at Norman told CNN Norway. "Usually we get a few days notice until the virus reaches us, thus this virus seems to be very aggressive."

In Denmark, the TV2 channel, the telecom company Tele Danmark and the Danish parliament were all victims.

Security experts at F-Secure have analyzed the virus thoroughly. Users usually get an e-mail, sometimes from someone they know, asking them to check the attached "Love Letter." That file is a VisualBasic script, which contains the virus payload. As long as the user deletes the e-mail without opening the attachment, their computer is safe from harm. Once a computer is infected, the virus transmit itself through e-mail using Outlook's address book.

"What makes this virus so much more aggressive than Melissa is that this virus sends copies to all the addresses, whilst Melissa only sent copies to the first 50 addresses," Fagerland said.

The virus can also travel through the Internet Relay Chat client mIRC, according to F-Secure, which has analyzed the malicious code.

Unlike the "Melissa" virus, which traveled in a similar fashion, "ILOVEYOU" is more destructive. First, it copies itself to two critical system directories and adds triggers in the Windows registry. This ensures that it's running every time the computer reboots.

The virus then starts affecting data files. Files associated with Web development, including ".js" and ".css" files, will be overwritten with a file in the VisualBasic programming language. The original file is deleted. It also goes after multimedia files, affecting JPEGs and MP3s. Again, it deletes the original file and overwrites it with a VisualBasic file with a similar name.

The beginning of the virus code indicates a possible origin. In comments, the virus is signed by "spyder," and contains an anonymous e-mail address and a company name. It is also signed "Manila, Philippines," and with the comment, "i hate go to school."

Taking a lighter view of the virus, British Commons leader Beckett said she did not know whether to be "sorry or pleased that as far as I'm aware, I have not received an e-mail saying 'I love you.'"

Morton Overbye of CNN Norway, CNN producer Ted Barrett and Congressional Correspodent Frank Black contributed to this report.

Government computers: The ultimate hackers' proving ground
March 23, 2000
'Melting Worm' slithers into the wild
March 17, 2000
Viruses boom on the Net
January 18, 2000
Protect against Trojan Horses
January 17, 2000
Viruses anew pop up post-Y2K
January 5, 2000

F-Secure Web - Main index
   •F-Secure Virus Info Center
Symantec Worldwide Homepage
   •Symantec AntiVirus Research Center

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

Back to the top  © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.