Watch CBS News

X-SciTech

Smitten Yet? 'NewLove' Latest Virus

By CBSNews.com staff CBSNews.com staff

/ CBS

The FBI is tracking the origins of a new e-mail virus and experts warn its even more destructive than the "love bug" that attacked two weeks ago.

The virus - christened "NewLove" or "Spammer," started lurking in computers Thursday evening in Israel but didn't spread as fast as the "ILOVEYOU" virus, which ravaged through millions of computers and caused an estimated $2 billion in damage.

U.S. Attorney General Janet Reno said the federal law enforcement office has opened an investigation into the release of the new bug.

The FBI's top cyber investigator, Michael Vatis said this virus is more sinister than the "love bug" because it can cause more damage and changes subject lines each time it's resent, making it harder to protect against. He said the new virus originated in the U.S. but it was unclear by Friday morning how widespread the latest e-mail virus was.

Federal investigators first got word early Friday morning, and began sending out alerts at around 2 a.m. ET.

FBI Launches Investigation

The FBI has opened an investigation into the new virus and has posted this special alert on the Web site of the FBI-led National Infrastructure Protection Center:

"Like the earlier variants, this worm is transmitted via e-mail, but unlike the others, this new...variant can change the subject line and the program code every time it is retransmitted, thus making it more difficult for users and anti-virus programs to detect."

"The NewLove variant uses the filename of a file that a user has recently been working on, and places that filename in the subject line of the e-mail transmission. The recipient may think that they have been forwarded a file from a known associate."

Experts said several thousand computers were already infected by the virus, which causes more severe damage than the original because it wipes files clean and tries to hide by changing its appearance.

"It will try to delete every file on your computer and will render it useless," Steven Trilling, Director of Research for anti-virus software maker Symantech Corp., told CBS News. "Another new element about it is it's a self-mutating virus...So it looks different each time and can do a lot of damage."

There are hopes the new virus may not spread as widely because companies have updated seurity since the first "love bug" and the warning is getting out much quicker this time around, Trilling said.

"We've been talking to corporate customers, letting them know this is out there," he said. "In the United States as people come to work, we hope they'll get in early, clean this up, let their users know so that this won't spread too far."

The virus was detected at several large companies late Thursday, said Dave Perry, spokesman for another anti-virus software maker, Trend Micro Inc. At one company, 5,000 computers were infected, said Perry, who would not identify any of the companies affected.

The subject line of an infected e-mail starts with "FW:" and includes the name of a randomly chosen attachment from a previous e-mail on an infected computer. The e-mail will have an attachment with the same name, but ending in ".vbs," the extension for a visual basic script computer file.

Clicking on the attachment will activate the virus. Like the "love bug," it will send itself to everyone in the user's address book. It will then overwrite most files on the hard drive, rendering the computer useless until the operating system is reinstalled.

So far, Microsoft's Outlook is the only e-mail program the virus is attacking, said Anita Chen, a spokeswoman for Trend Micro. Microsoft has said it will next week make available a modification to Outlook that will warn users about suspect e-mail attachments.

Get The Virus Patch

Microsoft Corporation is offering security updates for its Outlook Express e-mail software, which has been the target of the two most recent and destructive viruses. Get the patch at officeupdate.microsoft.com.

Once opened, the new virus will send itself to everyone in the recipient's Outlook address book, just as the "love bug" virus did, but the attached file name may change each time a new e-mail is sent. The "love bug" virus mainly carried the message: "ILOVEYOU."

The CERT Coordination Center, based at Carnegie Mellon University in Pittsburgh said it was receiving queries but no direct reports of sites affected by the new threat.

As of late morning Friday, the center had "received no direct reports of infections related to this virus," said Kevin Houle, an incident response team leader.

The original "love bug" rippled computers worldwide, including at the U.S. Pentagon, and is estimated to have cost $10 billion in damage. A Philippine computer school dropout is under investigation for spreading the cyber-worm.

The relatively simple "love bug" virus was followed some hours later by slightly modified variants, posing as jokes or confirmations of Mother's Day gifts. None of the variants were very widespread.

© 2000 CBS Worldwide Inc. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press and Reuters Limited and contributed to this report

© 2000 CBS. All rights reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.