A computer virus with a love motif attacked computer systems internationally on Thursday. Experts marveled at the speed with which it spread without regard to political boundaries. The author so far is unknown. RFE/RL correspondent Don Hill in Washington passes on what is known about the "I love you" bug.
Washington, 5 May 2000 (RFE/RL) -- Computer users around the world -- from the White House in Washington to Swedish corporate board rooms, from Dow Jones Newswire in Hong Kong to Radio Free Europe, Prague -- found little Cupid-like messages in their e-mail Thursday.
Many of those who opened a message titled "I love you" got an unromantic surprise. The message carried what computer users call a "virus." That's a program with repetitive instructions that can, in computer jargon, "infect" computer systems and destroy their electronic files.
A spokesman (Bill Pollack) for the CERT Coordination Center, a U.S. government-chartered computer security group, said it appeared to be in the same class as Melissa, an e-mail virus that overwhelmed computer systems around the world a year ago.
It might have been humorous except for the expensive damage it could do. At the U.S. State Department the virus became an epidemic and nobody was laughing. Department spokesman Richard Boucher says:
"People have received such e-mails. About 6:30 this morning, actually before we were notified by the normal... by the system, by the federal notification system, we found this so-called 'I love you' virus in some of our servers, lots of our servers."
The servers Boucher refers to are central computers that operate as a hub for a number of computer work stations.
The "I love you" virus works like this. When a user opens the I love you message, it spreads throughout that computer seeking files containing audio or visual data. It overwrites, that is, erases, the data and substitutes itself.
This can be bad news for the particular computer user because the overwritten files generally are lost irretrievably. But the author of this virus programmed it to do much worse. The program contains instructions to seek out every e-mail address the user has listed in his or her system and to send itself to those addressees. Thus, in addition to destroying files, it may multiply itself exponentially.
State Department spokesman Boucher says:
"If the e-mail itself is in the server, that means it's going out to some user who may or may not open it. So what we want to do is catch it wherever we find it and eradicate it. Whether it's actually been opened and installed itself on somebody's computer or not, it needs to be eradicated wherever we find it."
The Associated Press reported that a virus scanning system provided on the Internet by the Trend Micro computer security company detected more than 500,000 infected computer files around the world, including more than 350,000 in the United States.
Network Associates, another computer security firm, said that, in Britain, the virus brought down about 30 percent of company e-mail systems. The number in Sweden was 80 percent.
The virus appeared in Hong Kong late in the afternoon, spreading throughout e-mail systems once a user opened one of the contaminated messages. It later moved into European parliamentary houses and through the high-tech systems of big companies and financial traders. In Asia, Dow Jones Newswires and the Asian Wall Street Journal were among the victims. The bug affected only e-mail and did not prevent Dow Jones Newswires from distributing financial information to traders.
At Radio Free Europe/Radio Liberty, the damage remained localized among two or three computer users who opened the file to see who had set them an "I love you" message. But the virus didn't spread.
Computer experts at the international broadcaster have decoded the virus instructions and found that the virus' creator wrote the epidemic instructions for the widely used Microsoft Outlook e-mail program. RFE/RL uses a different e-mail program whose coding was not compatible with Outlook's, and so was spared the most severe damage.