Learning from the Love Bug

SAN FRANCISCO (05/30/2000) - Just when you think you can take a breather from virus paranoia, something else gets the adrenaline flowing. Late Friday we heard reports of the Killer Resume virus, a new variant of the infamous Melissa virus that started the era of widespread infections back in March of 1999.

As of early Tuesday, Killer Resume, which erases your PC's hard drive when you open a .doc attachment to a Microsoft Corp. Outlook e-mail message, seems to have caused little damage. Ditto for NewLove, a short-lived successor to the Love Bug.

But does the relative failure of these two nasty new viruses mean we have learned our lesson?

Yes and no, say virus experts. The Love Bug did help boost antivirus preparedness, especially within businesses, but plenty of vulnerabilities remain.

Unlucky in Love Bug

The Love Bug might have been better named the Las Vegas Virus, experts say, because most of its "success" was mainly luck. It was far from sophisticated, and it could have easily been written by virtually anyone with hacker tendencies.

Part of the Love Bug's explosive spread was due to timing. Released in the Far East in the middle of the night (U.S. time), it had already spread into U.S.-based mail servers by morning, allowing early users to start spreading it before system administrators were aware of the problem.

Another key to the Love Bug's success was its "subtle social engineering," says Roger Thompson, an expert on malicious code at the ICSA, an independent organization that certifies antivirus and security software. Who, after all, can resist opening a message that says I love you?

The Bug Stops Here

But if you're not hooked up to a business network with its own mail server, chances are that you never saw the Love Bug.

I use a regional Internet service provider and receive an average of 100 e-mail messages per day, yet I never received a message with the Love Bug. (I did, however, receive about two dozen messages warning me about it.) ISPs were able to react quickly to filter out the Love Bug because they're "24-hour businesses that are open to the world and concerned about security," points out Jim Finn, a principal with the Enterprise Security Practice for Unisys.

A Bigger Bang in Business

In the business world, though, the timing of the Love Bug's release meant the damage had already been done by the time information technology personnel were on the job. And Finn adds that even though filters were quickly added to stop the Love Bug at corporate Internet firewalls, the "soft insides" of many corporate networks allowed the virus to easily spread.

The damage caused by the Love Bug could have been far worse, and what kept a bad situation from getting worse were the Y2K security preparations that most companies made this year, Finn adds.

Although some companies took draconian measures, such as blocking all e-mail attachments, those measures were mostly short-lived. "After all," says the ICSA's Thompson, "the principle use of e-mail is to move stuff around."

Future Love Machines

Sophisticated antivirus products for corporate mail servers are big business, and suppliers were fast to create patches for the Love Bug and its successors.

But what about future viruses?

The game of cat and mouse between antivirus software and the dark underground of virus developers will continue, but that game keeps changing. Notably in 1999, macro viruses made up between 80 and 90 percent of all virus attacks. But so far this year, macro-based attacks are down to 60 percent, leaving room for script-based attacks such as the Love Bug to take over.

The ICSA is beginning to see some very sophisticated viruses that use extremely advanced and complex programming techniques, Thompson says. So far, none have been successful at becoming widespread.

Of course, antivirus software makers are equally hard at work. The future of successful antivirus software lies in more sophisticated analyses that detect viruslike behaviors before details are known, says Vincent Weafer, director of Symantec's Antivirus Research Center.

Future products will also incorporate "generic behavior blockers," Weafer adds.

For example, an antivirus program might pop up a warning if your e-mail program starts sending out dozens of identical messages shortly after you open an e-mail attachment.

Film at 11

The Love Bug was one major media star. Even local television stations dropped their usual murder-and-mayhem stories to focus on hair-raising stories of dubious accuracy by self-proclaimed pundits. (I knew it was a big deal when my 83-year-old mother, who's never been near a PC, called me and asked if I'd been affected.) Asked how damaging the Love Bug was, industry experts fall back on the Carl Sagan approach, talking of billions and billions of dollars in damage. But no one has come up with any hard numbers, and most likely no one ever will.

Businesses, the group on which the Love Bug took its biggest toll, have been especially tight-lipped.

Perhaps most striking to virus experts is how many people were tricked by the Love Bug. It's "mind-boggling" that so many people blithely double-clicked e-mail attachments from individuals they didn't know, says Finn of Unisys.

In business environments, the cause may be a simple "lack of education," he says. He adds that corporate managers need to have formal training programs that raise awareness by couching security in terms that are both "personal and practical."

But Finn also cautions the importance of not creating an atmosphere of perpetual crisis, which creates fatigue that can actually work against security.

And the ICSA's Thompson comments that while the corporate world learned a hard lesson from the Love Bug, he doesn't have high hopes that the public will remember for very long. After all, he says, "the Weather Channel has to keep reminding us not to drive through flash floods during a thunderstorm."

Join the newsletter!

Error: Please check your email address.

More about ICSAMicrosoftSymantecUnisys Australia

Show Comments

Market Place