Computer virus mutates

Friday, May 5, 2000 | 11:38 a.m.

SUN STAFF AND WIRE SERVICES

Fresh from fending off the insistent advances of an e-mail virus disguised as a love letter, computer users today faced new variations of the destructive "ILOVEYOU" bug, one concealed as a joke, another as a confirmation notice for a Mother's Day gift order.

Variations of the bug spreading today included a version with an attachment labeled "Very Funny," while another arrives as confirmation that the recipient's credit card has been charged $326.92 for a Mother's Day "diamond special."

Computer users were advised to delete these e-mails without opening them or their attachments.

By some estimates, the original "love bug" infected tens of millions of computers worldwide, not only spreading by e-mail like last year's Melissa virus, but through instant messaging systems that let people chat on the Internet.

And, in another malicious twist, the new virus was designed to destroy several types of increasingly popular computer files, including those storing photographs and video.

"If this (virus) is unleashed on your home computer, I hope you have backups. It is a destructive file," said Shawn Hernan, vulnerabilty team manager at the CERT Coordination Center, the government-chartered computer security team at Carnegie Mellon University in Pittsburgh.

Las Vegas companies and government agencies appeared to cope well with the situation.

Dallas-based Southwest Airlines, the airline with the most commercial flights serving Las Vegas' McCarran International Airport, was a likely target for the virus, since it is headquartered at Love Field and its stock ticker symbol is LUV.

Airline spokeswoman Linda Rutherford said Southwest averted major problems because the company's technical services department received an early alert from a subscription service that warns about potential viruses and employees were told right away how to disable the bug.

Some departments at Nevada Power Co. had their e-mail capability shut down Thursday, but spokesman Thomas Moore said everything was expected to be back to normal today.

"Yes, we got hit by it," Moore said. "But thankfully, it didn't affect all the important stuff. People were frustrated that they couldn't use e-mail for awhile, they just worked around it."

Moore explained that customer billing, dispatch and other critical computer systems work from a mainframe computer that isn't part of the network that is used for e-mail. So, while the love bug affected communications, it didn't get into the systems critical to operations.

The Las Vegas Convention and Visitors Authority shut down e-mail access to and from the agency when it was discovered 20 to 30 employees received the ILOVEYOU note.

Brad Rogers, director of information technology for the LVCVA, said the agency's computer server was upgraded with the appropriate software to prevent damage and e-mail was running again today.

"We got the word soon enough that we were able to shut it down," Rogers said. "It never really initiated for us."

At Station Casinos Inc., quarantine proved to be the solution from "Love Bug" disruptions. The company shut off its e-mail system Thursday afternoon as warnings of the virus spread.

"We were notified very early yesterday afternoon," said Station spokesman Jack Taylor. "It really had no effect on us. Several people saw it on their screen and deleted it."

Advance notice of the virus helped stave off problems for some Las Vegas retailers.

"We received notification about the virus from our head office in Chicago first thing in the morning," said Frank Wheat, general manager of Las Vegas' Meadows Mall.

"The message was marked high priority and because we had a heads-up, we had no reported incidents. The same would likely be true at all 136 properties owned by our parent company."

Chicago-based General Growth Properties owns both the Meadows and Boulevard malls in Las Vegas.

Chuck Gipp, security manager for Wells Fargo & Co.'s Nevada operations, said his bank's systems managers were able to prevent any operational disruptions.

"We had absolutely no reports of any (virus-related) incidents," he said. "Our system administrators in our home office in San Francisco were on top of it, and so every employee who has e-mail was made aware of the problem early on.

"We had (systems) people on top of the matter both at the home office, as well as in each state where we operate."

And communication at city of Las Vegas offices stepped back to the 20th century after 150 computers were infiltrated by the bug, forcing officials to shut down e-mail, electronic calendar systems and certain databases.

"We don't intend to love it back," said Information Technologies Director Joseph Marcella. "We shut the whole system down."

By 7:20 a.m., the city of Las Vegas shut down the city's server, called Microsoft for help and began backing up files so nothing would be lost.

None of the city's emergency systems were affected, although an unrelated computer glitch did shut down the fire department's mobile computers from 8:10 to 8:20 a.m.

"At no time did we miss any emergency calls," Fire Chief Mario Trevino said.

Mayor Oscar Goodman listened with a perplexed look on his face as Marcella discussed how the virus can hit JPEG and MP3 files.

"Speaking for the mayor, he has not missed a heartbeat today," Goodman joked.

But the many city workers who do rely on e-mail and electronic scheduling were affected.

"What it did to us is that even with the few machines that were affected, it almost brought our mail server to its knees," Marcella said.

Initially, the bug attacked by steering a computer's Internet browser to visit a website that was later shut down by its service provider. At the website, the virus would download a program that searched for various types of passwords and sent them to an e-mail account that appears to be based in the Philippines, antivirus experts said.

The virus targets computers running on Microsoft's Windows operating system, attacking the Outlook e-mail program and the Internet Explorer browser, both of which are also made by Microsoft.

It spreads like most e-mail viruses, arriving as a seemingly friendly message, infiltrating a person's computer address book and sending copies of itself to contacts listed.

Some experts said the worst impact may have been the way the virus crashed e-mail systems and crippled networks.

"There were lots of copies of this in mail boxes, but not so much damage," said Carey Nachenberg, chief researcher at Symantec Antivirus Research Center, noting that the Explore.Zip virus that struck last June "was 10 times nastier in terms of its destructive capacity."

The Federal Bureau of Investigation quickly opened a criminal investigation into the outbreak, while computer security firms scurried to post software on their websites to scan for the bugs and remove them from infected machines.

archive