---

VNU Net: Love Bug suspect is detained

By John Leyden, VNU Net

Police in the Philippines have reportedly detained a man
suspected of creating the Love Bug computer virus, which caused
international mayhem late last week.

According to various reports today, officers from the National
Bureau of Investigation (NBI) have taken a 27-year-old man into
custody. The man was led in handcuffs by NBI officers from the back
of an apartment in the Pandacan district of Manila earlier
today.

Investigators seized a telephone, wiring equipment and computer
magazines from the man’s house, but no computer.

Agents said they were waiting to question a woman who also lives
at the apartment.

The FBI and Interpol helped track the virus to the Philippines
through a tangled electronic web of evidence that has thrown up
several contradictory leads.

Police originally thought the main suspect was male but later
said they were hunting a female computer school student from a
middle-class family.

The Love Bug worm, which creates a flood of emails with the
subject line ILOVEYOU, is estimated to have caused hundreds of
millions in damage through lost productivity and harm to computer
systems worldwide.

The worm in all its variants so far only affects systems running
Microsoft Windows with Windows Scripting Host enabled. Computers
using Apple’s operating system or Linux remain unaffected.

Once opened as a Visual Basic Script (VBS) attachment by an
Outlook mail client, the virus is executed on the local machine. It
affects image and music files, such as JPEGs and MP3s, and also
tries to download malicious software from around the internet. At
the same time, the virus attempts to mail itself to all addresses
in the Outlook address book.

Variations of the virus continued to appear over the weekend,
one of which masqueraded as a receipt for a Mother’s Day gift. Even
more worrying, this variant posed as a warning message from the
technical support team at antivirus vendor Symantec.

Security clearing house Cert said it had received more than 400
direct reports involving some 420,000 internet hosts.

A Cert spokesman said: “Reports of the worm have levelled off,
but we continue to receive reports of variants. At least 10
variants have been identified, and we expect more variants to
appear as the week goes on.”

“We continue to advise users to keep their antivirus software up
to date. Additionally, users should exercise extreme caution in
opening attachments and should not open executable attachments
including files with a .VBS extension.”
