|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
Philippine student group notorious for hacking
(IDG) -- The underground student organization being implicated in the "I Love You" virus case is notorious for spreading viruses and hacking local Internet service providers. The group, Grammersoft had tried to hack into Moscom Internet, the country's largest ISP, several times in the past and have intentionally spread viruses to Moscom subscribers at least twice, said Willy Gan, the company's president.
Agents of the National Bureau of Investigation (NBI) have been investigating the group after computer experts discovered the word Grammersoft embedded in the code of the "I Love You" virus which affected computer systems worldwide and caused an estimated damage of $10 billion.
In a press conference last week, Onel De Guzman, the 23-year old student of AMA Computer College (AMACC) suspected of writing the virus with his college buddy Michael Buen, admitted that he was a member of Grammersoft. He also said other members of the group had knowledge of a password-stealing program he created for his thesis project.
In the same event, De Guzman admitted that he might have accidentally sent a virus through the Internet.
Officials of AMACC told journalists earlier that De Guzman's thesis project, a software program that was capable of capturing and sending passwords from an infected computer to a specified email address, was similar to the "I Love You" virus.
De Guzman was traced by investigators through user names provided by three local ISPs, namely Sky Internet, ImpactNet, and Access Net, which was used by the "I Love You" virus author to launch the virus. The telephone number that was used to access the ISPs were also traced to the apartment of De Guzman.
Buen, who graduated from AMACC early this month, was also identified as a possible suspect by investigators because of his thesis project, a software program that could save multiple, even hundreds, of copies of a file using a single save command.
Karim Bancola, senior vice president of AMACC, surmised that the two software programs could produce the same effects as that of the "I Love You" virus if they were combined.
Buen on Sunday denied any involvement in the creation of the virus and defended himself, saying his thesis project was approved by AMACC officials. He is also not a member of Grammersoft.
Investigators, however, found a copy of a Microsoft Word macro virus allegedly authored by Buen in one of the diskettes seized from the apartment of de Guzman. The virus contained Buen's resume and a threat that says: "If I don't get a stable job by the end of next month, I will release a third virus that will delete all folders in the primary disk."
Nelson Bartolome, assistant director of the NBI's anti-fraud and computer crimes division, said they found no similarities between the "I Love You" virus and the virus found in the diskette, except for the fact that both were written using the Visual Basic programming language.
In a report by the NBI's technical team, Buen was described as "an above-average programmer with proficiency in Word Macros and the Visual Basic programming language."
Manuel Abad, executive vice president of the AMA Educational System, confirmed that De Guzman and Buen were friends. In Buen's resume, he listed De Guzman as one of his references. He also listed President Estrada and other prominent persons under "Not my references" in his resume.
Abad said both students were members of Grammersoft, but only De Guzman confirmed that he was a member of the group, which wrote software programs for small and medium-sized companies and sold thesis projects to students.
But far from being legitimate, Grammersoft members were engaged in hacking and creating viruses, claimed Moscom's Gan.
"Grammersoft has been trying to hack into our systems for quite some time and sending fake emails to our subscribers," said Gan in an interview with Computerworld Philippines.
Shortly before the "I Love You" virus came out, members of the group sent a fake email with an attached virus program to subscribers of Moscom.
The fake email was disguised to make it appear that it came from Moscom's network administrator. Recipients of the email were asked to open an attachment that was supposedly a patch to improve Internet access to Moscom's network.
The attachment was actually a virus which was also written in the Visual Basic programming language, claimed Gan.
Gan said it is not their practice to send attachments to subscribers or authorize their network administrator to send out such email messages to users.
"When we discovered it, we quickly sent out a warning not to open it. There were users who were affected but only a few because of the warning," said Gan. "It's easy to recognize that it's a fake because of the header and we normally don't send email like that."
Gan explained they traced the email to members of Grammersoft through the email's originating IP address. The group had tried to perform this trick at least twice already, he added.
"I don't like what they're doing because it's disrupting our operations."
He admitted Moscom is helpless in preventing people from sending such email messages because they can not filter all the email messages that go through their network everyday.
Reporting the incident to the National Bureau of Investigation (NBI) would not help much either, he said.
"How can you go to the NBI, they don't know what to do with these types of crime?," Gan stressed.
Clues lead to ILOVEYOU writer's older, cruder work
RELATED IDG.net STORIES:
Inside a hacker's toolchest
Philippine National Police
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.