ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

New e-mail virus may hurt worse than 'Love'

Industry Standard

May 12, 2000
Web posted at: 9:25 a.m. EDT (1325 GMT)

(IDG) -- As detectives in the Philippines continue their investigation of the "ILoveYou" virus and as corporations worldwide scramble to clean up its aftermath, security experts in the U.S. are targeting a new, potentially more destructive e-mail virus that doesn't even require its attachment to be opened before wreaking havoc.

The new virus, called Kak, seizes on any e-mail program that recognizes HTML, the language used to create most Web pages, and infects computers when the e-mail message that contains it is merely opened or previewed.


Kak affects computers running Internet Explorer 5.0 or Microsoft Office 2000. It spreads by taking advantage of a security hole in Explorer that is caused by a programming bug in an ActiveX control called scriptlet.typelib. The browser doesn't need to be running for the virus to be unleashed, and the bug can be installed on a computer through its default security settings, according to a security alert issued Wednesday by the System Administration, Networking and Security Institute.

"If the ILoveYou virus had made use of this, we would have gone crazy," says Jimmy Kuo, a McAfee fellow at Network Associates. "By the time you find out you've received the e-mail, you've gone and looked at it, and that itself sets off the virus and it's a bit too late."

The ILoveYou virus spread via Microsoft Outlook, sending itself to all recipients listed in a user's address book before deleting image files and hiding audio files. It has spawned at least 25 copycats with varying levels of destructiveness. Police in Manila, Philippines, released a man from custody who they initially suspected of writing the virus, and are now looking at suspects connected with a local university.

  Inoculate your PC against e-mail viruses
  The wicked list: Viruses to watch for
  FEMAās āLoveā potion
  TechInformer: The Thinking Internaut's Guide to the Tech Industry
  Reviews & in-depth info at
  Industry Standard email newsletters
  Questions about computers? Let's editors help you
  Industry Standard daily Media Grok
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

In response to the outbreak of the virus, which has caused an estimated $6.7 billion in damage, Microsoft and security experts have advised computer users that the best way to preempt infection is to avoid opening suspect attachments. That remedy no longer applies.

A Minneapolis company claims to have developed the first software that allows users to recover files destroyed or hidden by the ILoveYou virus. OnTrack Data International's EasyRecovery software, which sells for $49.95 and can be downloaded here, restores JPG, JPEG, MP2 and MP3 files damaged by the virus to their original condition. It doesn't attempt to repair corrupted files or rewrite the original drive, but instead locates the files' signatures, copies "deleted" image data to a new location and reveals the location of audio files, says Jim Reinert, OnTrack's director of software products.

While the Kak virus, which Network Associates believes originated in France, isn't as malicious as the ILoveYou bug and doesn't spread in the same way, it has the potential to be the most dangerous virus to date if it were expanded with nasty attributes.

"The only viruses using [the hole] aren't very malicious, but that has nothing to do with tomorrow," says Alan Paller, director of research at the SANS Institute.

So far, the Kak virus doesn't do any damage and merely displays a message on the first of the month that says: "Kagou-Anti-Kro$oft says not today!" according to Network Associate's profile of the virus. If a user's security settings are set high, Kak might display warning messages regarding ActiveX and scripts. Users who see a dialogue box asking, "Do you want to allow software such as ActiveX controls and plug-ins to run?" should respond "No."

The same security hole that spawned Kak also exposes users to harmful scripts in malicious Web pages. Microsoft could not be reached for comment on the hole, but a bulletin posted on the software giant's Web site says it could allow a "malicious Web operator to take inappropriate actions on the computer of a user who visited the site."

Users of IE 5.0 and Office 2000 should update their virus-detection software in order to close the hole, which takes less than five minutes, according to Paller. Network Associates also advises computer users to remove Windows Scripting Host from their systems.

Tools to patch the hole, which Microsoft posted in August 1999, are available here, and a correction script may be run directly from here. Network Associates has information on its Web site about the virus.

Linux users unscathed by ILOVEYOU
May 9, 2000
Clues lead to ILOVEYOU writer's older, cruder work
May 6, 2000
I was bitten by the love bug
May 5, 2000
Copycat viruses following 'ILOVEYOU' computer bug are no joke
May 4, 2000
Government computers: The ultimate hackers' proving ground
March 23, 2000
'Melting Worm' slithers into the wild
March 17, 2000
Viruses boom on the Net
January 18, 2000
Protect against Trojan Horses
January 17, 2000
Viruses anew pop up post-Y2K
January 5, 2000

Self-replicating virus exploits the File and Printer Sharing flaws of Windows networks
FEMAās āLoveā potion
Federal Computer Week
Viruses keep branching out
PC World
NAI, team to ensure virus alert notification
The wicked list: Viruses to watch for
PC World
Hotmail users are spreading viruses, ISP says
Inoculate your PC against e-mail viruses
PC World
Press, marketers still love the bug
Industry Standard

Dialogue Science's antivirus site
MIT analysis: Internet Virus of '88

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.