SAN MATEO (05/05/2000) - Computer systems around the world were left bruised and battered last week from a mercurial computer worm promising sweetness but offering a sour payload instead.
Believed to have originated in the Philippines, the deceptively dubbed "Love Letter" or "I Love You" worm caught the globe by surprise, infiltrating Britain's parliament and the Pentagon and prompting an investigation that includes the FBI.
Although security experts say tens of millions of computers may have been affected at as-yet unknown costs, the worm's damage might have been far worse had the Melissa virus not already taught the IT industry a very harsh lesson one year ago.
"Melissa meant that nobody sits back and takes these kinds of threats any longer," said Chris Christensen, an analyst at IDC, in Framingham, Massachusetts.
Indeed, the worm's furious spread through Europe and Asia convinced companies such as AT&T, Ford Motor, and Compuware not to tempt fate and their users' natural tendency to open e-mail attachments. They shut down mail servers instead.
"It was the first time we shut down our servers in that way, and I think it was a wise move," said Kathleen Vokes, communications manager at Ford, in Dearborn, Michigan.
John Kolodzy, data security manager for Compuware Corp., in Farmington Hills, Michigan, said his company didn't take last year's Melissa seriously enough until it was too late. So armed with advanced warnings about the Love Letter worm, Compuware shut down servers, installed vendor patches, and cleaned files.
Yet such pre-emptive tactics come with a price. "Money basically flows through an e-mail system. So shutting down ... to deal with this problem does quantify a financial loss," IDC's Christensen said.
Moreover, this latest assault brings into question the effectiveness of anti-virus products.
Because most anti-virus products and software rely on matching patterns, they will continue to lag in the battle against hackers becoming more adept at using available scripting tools to create new virus and worm agents, said Jim Hurley, managing director of security practice at Aberdeen Group, in Boston.
"What we're seeing right now are classes of attacks that depend on an executable or some kind of event trigger," Hurley said. "That is beyond the realm of current AV technology."
Love Letter arrives via e-mail with "ILOVEYOU" as a subject line. Once the e-mail's attachment is opened, the worm, which affects users of Microsoft's Outlook Express program whose computers support Visual Basic Scripting, sends itself out to every name on a user's name and address book. The worm will also attempt to overwrite JPEG and MP3 files. Love Letter can travel through Web pages and IRC (Internet Relay Chat).
As many as five variants of Love Letter have already surfaced.
Anti-virus software vendors, including Network Associates Inc., Trend Micro Inc., and Symantec Corp., have posted various fixes on their Web sites.