BOSTON (05/12/2000) - As online viruses and cracker attacks proliferate, information technology shops are fighting back with a combination of end-user smarts and time-tested backup tapes.
Two weeks ago, the "I Love You" virus sailed through firewalls built to allow in Internet mail and crept past filters not yet updated to reject it. In the process, like a fanatical paramour, the self-replicating "Love Bug" disseminated a tainted "I Love You" missive to names listed in affected Microsoft Outlook address books.
Market research firm Computer Economics Inc. in Carlsbad, California, which called the virus a form of economic terrorism, estimated that more than 45 million e-mail users were hit on the first day and put the tab for downtime and lost files at $6.7 billion for the first five days of the virus's global trip.
Yet many companies, such as Caledon Laboratories Ltd. in Georgetown, Ontario, reported minimal damage, thanks to good end-user training and preventive measures.
At Caledon Labs, a specialty chemical solvent supplier, those steps included nightly backups of data and recurrent admonitions to users on the dangers of accepting love notes and other digital come-ons in the form of attachments.
Back Up Every Byte
Steve Trinca, a senior technical specialist at Caledon, said not one user at his firm opened the Love Bug message. Trinca also keeps every byte of data on tapes that get backed up and rotated out of the office each night.
Some IT organizations have established procedures like taking systems off-line to side-step the copycat viruses that typically follow the first virus attack, said analyst Samir Bhavnani at Computer Economics.
"Last year, the Melissa and Explorer.zip [viruses] got companies on the road to putting viruses under the security umbrella," he said. "Companies have started focusing on contingency plans: What happens when the next virus hits? When in doubt, they choose to shut down the [Internet] servers."
Idaho Power in Boise did just that when a user tipped off its help desk about the "Love Bug" at 7:30 a.m. on Thursday, May 4. The utility had taken its Internet and Exchange servers off-line by 7:45 a.m., but in that 15-minute span, the virus rampaged throughout 1,800 e-mail boxes and got into a 90-PC server farm.
"It was a hundredfold, a thousandfold worse than Melissa," said Linda Stewart, corporate data security administrator at Idaho Power.
About 28 hours later, after purging the virus, Idaho Power's Internet servers went back online. Stewart said it's still too early to know "the long-term fallout and to determine costs. But it is significant."