'Love' mutations spreading, expect more

The head of the X-Force reports at least eleven variations of the 'Love' Bug have been identified in the wild -- and more are coming.
Written by David Hellaby, Contributor
ATLANTA - At least 11 variations of the Love Bug worm are now in circulation -- several of them more damaging than the original.

Head of the X-Force anti-hacking group, Chris Rouland, said that as of 11 variations had been identified and more were expected to appear over the weekend.

The variations include one disguised as a confirmation of a Mother's Day gift purchase, which deleted all .bat and .ini files.

He said he was concerned that the worm could just as easily be adapted to install backdoor programs such as Back Orifice or NetBus onto infected systems and provide a method for them to be constantly reinfected.

Although from an engineering perspective Lovebug was fairly sloppy, it was also fairly "pluggable", which meant it could be used to deliver a wide range of tools.

Ironically, what appeared to be a bug in the worm made it send out more mail than it was programmed to do.

The Love worm sent itself out to every entry in an Outlook address book; a flaw in the program made it send more than one copy to some recipients.

Rouland said he expected the worm and its derivatives to "linger for a while" and people should be checking for anti-virus updates twice a day at present and not opening any attachments.

Despite the worm being responsible for the shutting down of 60 to 80 percent of the e-mail servers in the United States, Rouland said he was still not convinced this would be the education model needed to jolt people into becoming more security conscious.

"I don't think it did enough damage. The damage we saw on Thursday was servers going down or people shutting them down before they went down.

"A lot of people won't get educated until their own computers get blown up."

He said that while the worm stole passwords and sent them to an email address in the Philippines, little damage had been done because the address had been shut down very quickly.

Rouland said while this worm was the fastest spreading in history, people should prepare for much worse.

He said while the anti-virus companies had done a pretty good job bringing macro viruses under control, urgent work was needed to come up with a generic solution for this type of virus.

Rouland also cast doubt on the virus author being found in the Philippines. He said he found it hard to believe that law enforcement authorities could track the author of the virus, known as Spyder, apparently so easily to a suburb in Manila.

"They seem to feel that because they can track down the Internet card he used to connect to a Philippines ISP that they have him."

But the call to the ISP could have been made from anywhere in the world and just because authorities have a phone number meant very little, he said.

"It would be a good feint for a hacker to bounce his package through the Philippines."
