Feds on alert for new, destructive virus

Feds on alert for new, destructive virus

By Christopher J. Dorobek

GCN Staff

MAY 19'Just when you thought it was safe to check your e-mail, a new, potentially devastating computer virus began making the rounds today.

The virus, which is being called NewLove, comes on the heels of the ILOVEYOU virus that left agencies scrambling earlier this month [see story at www.gcn.com/vol19_no11/news/1968-1.html]. The NewLove virus is much more malicious because it can wipe out all of the files on a PC's hard drive and open network connections, but it is spreading more slowly and there have been relatively few reports of damage.

As word of the virus spread this morning, some agencies, including the Small Business Administration, shut down e-mail altogether as a precaution.

Like previous e-mail viruses, the worm spreads primarily through Microsoft Outlook. But unlike earlier versions, the worm changes the subject line and the program code every time it is retransmitted, making it more difficult for users and antivirus programs to detect.

An alert from the FBI's National Infrastructure Protection Center, at www.nipc.gov/alert00-043.htm, said the worm takes the name of a file a user had been working on and places that file name into e-mail and attaches a .VBS extension. If a user opens the attachment, the worm can damage all files not currently in use by changing the file extensions to .VBS and changing the file size to zero, experts said.

The worm then also transmits itself to all of the addresses in the Outlook address book.

Experts warned users not to open any attachments, particularly anything with a .VBS extension.

In the wake of the rash of viruses, Microsoft Corp. promised to post a patch that would hamper the spread of similar viruses. The fix is not yet available.

The overall impact was unclear at midday. Some federal agencies were taking precautions, but there were no reports of widespread problems.

Several state officials said the new virus generally hadn't affected their operations. Mike Benzen, Missouri's chief information officer, said, "We've polled all the agencies, and nobody's been touched by it." His office has distributed an antivirus software upgrade to combat the worm.

Pennsylvania also hadn't been hit, said Scott Elliot, spokesman for the Department of Information Technology. "We did a random survey of the agencies, and there has been no outbreak of this virus," he said. 'We did have an antivirus solution distributed, but there have been no infections so far.'

The latest virus comes as General Accounting Office officials criticized the government's effectiveness in dealing with the ILOVEYOU virus. Jack Brock, GAO's director of governmentwide information issues, told the Senate Banking Subcommittee on Financial Institutions Thursday that agencies were hit by the ILOVEYOU virus because of a lack of coordination and poor internal communication.

"The incident was a good lesson learned, but an expensive lesson learned," Brock said "It pointed to a lack of coordinated oversight. Agencies need to do more."

The federally funded CERT Coordination Center at Carnegie Mellon University has posted information about the NewLove virus at www.cert.org/current/current_activity.html#loveletter.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.