Linux Today: Linux News On Internet Time.

More on LinuxToday

VNU Net: Love Bug suspect is detained

May 08, 2000, 21:55 (0 Talkback[s])
(Other stories by John Leyden)

By John Leyden, VNU Net

Police in the Philippines have reportedly detained a man suspected of creating the Love Bug computer virus, which caused international mayhem late last week.

According to various reports today, officers from the National Bureau of Investigation (NBI) have taken a 27-year-old man into custody. The man was led in handcuffs by NBI officers from the back of an apartment in the Pandacan district of Manila earlier today.

Investigators seized a telephone, wiring equipment and computer magazines from the man's house, but no computer.

Agents said they were waiting to question a woman who also lives at the apartment.

The FBI and Interpol helped track the virus to the Philippines through a tangled electronic web of evidence that has thrown up several contradictory leads.

Police originally thought the main suspect was male but later said they were hunting a female computer school student from a middle-class family.

The Love Bug worm, which creates a flood of emails with the subject line ILOVEYOU, is estimated to have caused hundreds of millions of damage in lost productivity and damage to computer systems worldwide.

The worm in all its variants so far only affects systems running Microsoft Windows with Windows Scripting Host enabled. Computers using Apple's operating system or Linux remain unaffected.

Once opened as a Visual Basic Script (VBS) attachment by an Outlook mail client, the virus is executed on the local machine. It affects image and music files, such as JPEGs and MP3s, and also tries to download malicious software from around the internet. At the same time, the virus attempts to mail itself to all addresses in the Outlook address book.

Variations of the virus continued to appear over the weekend, one of which masqueraded as a receipt for a Mother's Day gift. Even more worrying, this variant posed as a warning message from the technical support team at antivirus vendor Symantec.

Security clearing house Cert said it had received more than 400 direct reports involving some 420,000 internet hosts.

A Cert spokesman said: "Reports of the worm have levelled off, but we continue to receive reports of variants. At least 10 variants have been identified, and we expect more variants to appear as the week goes on."

"We continue to advise users to keep their antivirus software up to date. Additionally, users should exercise extreme caution in opening attachments and should not open executable attachments including files with a .VBS extension."

Related Stories: