Philippine police suspect young female authored 'love bug' virus

[William Knowles <wk () C4I ORG>]

http://www.techserver.com/noframes/story/0,2294,500201388-500278198-501477553-1,00.html

By JASON GUTIERREZ, Agence France-Presse

MANILA, Philippines (May 7, 2000 12:31 p.m. EDT
http://www.nandotimes.com) - Philippine police on Sunday asked a lower
court to issue an arrest warrant for the suspected author of the "love
bug" virus that caused havoc worldwide, the National Bureau of
Investigation said.

The suspect, whose identity was not released, has been placed under
surveillance in a "target area," Nelson Bartolome, chief of the NBI's
anti-fraud and computer unit told AFP.

Sources within the NBI said authorities suspect a young female hacker
and fear she may have already destroyed key evidence against her.

The sources said the suspect unleashed the virus from a desktop in
Pandacan district in Manila, infecting at least 10 million computers
worldwide including the White House, Congress and Pentagon in the
United States as well as the British and Danish parliaments.

The virus has also caused some $2.61 billion in damage, experts said.

"We are still trying to have a warrant of arrest issued. We have a
suspect," Bartolome said.

"We will serve the warrant immediately, but there is no time frame. It
all depends on the issuance of a warrant which will be made by a
judge. We are hoping to have it by tomorrow," Bartolome said.

The virus, which originated in a Philippine Internet service provider,
appeared Thursday and spread around the world in a matter of hours via
an e-mail with the message "ILOVEYOU."

The original bug was allegedly planted last month by a hacker
identified as "mailme," "spyder" and "ispyder," who left a message
saying "I hate to go to school."

The NBI source said the suspect may have already destroyed evidence
against her "or may have covered-up the hacking job and we can't do
anything about that."

Earlier Sunday, police chief Panfilo Lacson confirmed the authorities
were preparing to arrest the creator of the "love bug," which experts
consider the most destructive computer virus ever unleashed.

Lacson said police and NBI agents were working overtime in a "joint
operation" to bring in the suspect.

Earlier reports said a comparison of notes made by Philippine Internet
service providers traced the suspect to a 23-year-old man from
Manila's Pandacan district.

Although launched from a local Internet service provider, the virus
could have been activated from anywhere in the world, experts said.

Conflicting reports from Stockholm claimed a Swedish computer expert
had said he had "reason to believe" that a German exchange student in
Australia called Michael planted the virus.

Robbie Villabona, Sky Internet Inc.'s technical operations director,
said the virus was stored in their Webspace in two parts -- one that
deleted visual and audio files and one that attached itself to an
e-mail.

Sky Internet was one of three local service providers used to spread
the virus.

When the e-mail is opened, the virus burrows through a user's computer
files to find the username and password and then sends it back to the
hacker's Philippine account.

The virus also finds the computer's e-mail address book and forwards
itself to each name on the list.

"That part of the virus had been taken off within 15 minutes after it
was reported to us. But we couldn't control the visual files.
Definitely it's still spreading but not at the scale it did on the
first day," Villabona told AFP.

Their company's mail server has been blocking the virus from entering
computers of their estimated 20,000 subscribers since it was detected
Thursday, he said.

"As a result of this virus, some other networks in the world blocked
traffic from our server. It has affected us substantially," he said.

"We have given the NBI appropriate information (so) that they can
identify the suspect. The next step is to identify and apprehend," he
said.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".