Information Security News mailing list archives

At least 14 federal agencies hit by 'Love Bug' virus


From: William Knowles <wk () C4I ORG>
Date: Wed, 10 May 2000 10:08:10 -0500

http://www.techserver.com/noframes/story/0,2294,500202543-500280338-501496980-0,00.html

By JESSE J. HOLLAND, Associated Press

WASHINGTON (May 10, 2000 1:22 p.m. EDT http://www.nandotimes.com) -
The already infamous "Love Bug" virus infected computers in at least
14 federal agencies, a government technology expert testified
Wednesday.

"Virtually all of the largest federal agencies have significant
computer security weaknesses that place critical federal operations
and assets at risk to computer-based attacks," said Keith Rhodes,
director of the Office of Computer and Information Technology
Assessment in Congress' General Accounting Office.

Among the agencies hit by the Love Bug virus were the Social Security
Administration, the Energy Department, the Central Intelligence
Agency, the National Aeronautics and Space Administration, the
Immigration and Naturalization Service and the Defense Department,
Rhodes told the House Science technology subcommittee.

The "Love Bug" virus, which has been called the fastest-spreading and
most destructive computer virus ever, caused a flood of e-mails with
the subject line "ILOVEYOU" to course through computer systems
worldwide. When opened, the virus can destroy graphics and other saved
files. Several variations appeared soon after.

The Love Bug also installs a password-stealing program, experts said.

"Some DOD (Defense Department) machines required complete software
reloads to overcome the extent of the damage," Rhodes said. "The
virus-slash-worm spread rapidly through the department, penetrating
even some classified systems."

So far, anti-virus experts have detected 26 different versions of the
Love Bug virus, said Sandra England, vice president of development for
McAfee, a provider of anti-virus software. Lloyd's of London has
estimated the damage caused by the Love Bug to be over $15 billion,
said Rep. Constance Morella, R-Md, chairwoman of the subcommittee.

To stop future viruses, agencies have to improve their security
planning and management, Rhodes said. "Clearly, it is difficult to
sniff out a single virus attached to an e-mail but if 100 e-mails with
the same configuration suddenly arrive, an alert should be sounded,"
he said.

The easiest way is to educate people about computer "hygiene,"
including not opening unexpected e-mail attachments, said Harris
Miller, president of the computer group Information Technology
Association of America.

"This bug was passed along because people were opening e-mail that
they shouldn't," said Miller, who was among those testifying today.
"Why, in a professional environment, would you open something that
says `I love you?' Good common sense should tell you that if it's not
coming from someone who should be saying `I love you,' then you
shouldn't open it."

Agencies should also continually update their anti-virus protection,
but hackers perpetually develop new viruses that the anti-virus
software doesn't anticipate, he said. Young people, who comprise most
hackers, also should be taught about the damage they cause by creating
computer viruses, he said.

"But the key here is good computer hygiene," he said.

A Filipino bank employee was arrested Monday and called a primary
suspect in creating the virus. He was released Tuesday, and his
girlfriend was being sought for questioning.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com