
Computer Virus Made by Filipino


Who is Onel A. de Guzman?





Article from http://www.jrwhipple.com

The I LOVE YOU Virus

There ain't no love in this little bug!

If you receive email with a subject line with the phrase ILOVEYOU (all one word, no spaces) in it… DON'T OPEN the attachment named Love-Letter-For-You.txt.vbs.

Over a five-hour period, during May 4, 2000, this virus spread across Asia, Europe and the United States via e-mail messages titled "ILOVEYOU." The menace clogged Web servers, overwrote personal files and caused corporate IT managers to shut down e-mail systems.

A scan of the Visual Basic code included in the attachment reveals that the virus may be corrupting MP3 and JPEG files on users' hard drives, as well as mIRC, a version of Internet Relay Chat. It also appears to reset the default start page for Internet Explorer.

This virus arrives as e-mail with the subject line "I Love You" and an attachment named "Love-Letter-For-You.txt.vbs." Opening the attachment infects your computer. The infection first scans your PC's memory for passwords, which are sent back to the virus's creator (a Web site in the Philippines which has since been shut down). The infection then replicates itself to everyone in your Outlook address book. Finally, the infection corrupts files ending with .vbs, .vbe, .js, .css, .wsh, .sct, .hta, .jpg, .jpeg, .mp2, .mp3 by overwriting them with a copy of itself.

You can get this bug in only one way. If you receive an email with an attachment with the name Love-Letter-For-You.txt.vbs and you execute it, by double clicking on the attachment, you will get infected. Don't execute it, just delete it and you will be fine.

How to keep from becoming infected by this bug

Of course, first and foremost, never open any email attachment that you are uncertain of. That said, I strongly recommend that if you do not use Visual Basic scripting (most don't), you should turn this option off. To do so:

  1. Click your Start button
  2. Click on Settings
  3. Click on Control Panel
  4. Double-click on the Add/Remove Programs icon
  5. Click on the Windows Setup tab
  6. Click on Accessories to obtain the details
  7. Uncheck Windows Scripting Host if it is checked
  8. Click "OK" to save any changes

Remember, the above will only protect you from the ILOVEYOU virus and its variants. Other viruses can still get to your computer.

Variations on the ILOVEYOU virus are already hitting the net. The only sure way to protect yourself from email viruses is, DON'T OPEN ATTACHMENTS even if sent by someone you know. See the links on the upper left of this page for more information.

Who is Reomel Lamores?


Article from http://en.wikipedia.org

Effects

The virus began in the Philippines on May 4, 2000, and spread across the world in one day (traveling from Hong Kong to Europe to the United States), infecting 10 percent of all computers connected to the Internet[1] and causing about $5.5 billion in damage.[2] By 13 May 2000, 50 million infections had been reported.[3] Most of the "damage" was the labor of getting rid of the virus. The Pentagon, CIA, and the British Parliament had to shut down their e-mail systems to get rid of the virus, as did most large corporations.[4]

This particular malware caused widespread outrage. The virus overwrote important files, as well as music, multimedia and more, with a copy of itself. It also sent the virus to everyone on a user's contact list. Because it was written in Visual Basic Script, this particular virus only affected computers running the Microsoft Windows operating system. While any other computer accessing e-mail could receive an "ILOVEYOU" e-mail, only Microsoft Windows systems would be infected.


Article from http://www.theregister.co.uk


Five years ago, a new "supervirus" hit the headlines. It had the two successful - but evil - elements: destructive virus coding coupled to an enticing title and the simple fact that it arrived from someone the recipient knew. The combination was virus dynamite.

Most viruses start slowly and then build power; "I Love You" hit the computer world like a bomb - anti-virus companies had not seen anything like it and while they struggled to contain the infection, copycats were re-titling the virus and releasing in their own language.

At this point you might expect the story to flash-pan to a prison cell and a description of the miscreant responsible for the outrage safely behind bars. However, the person who almost certainly wrote the virus - proved not only by his own admission but also by a stack of corroborating evidence - is today a free man with no criminal record.

That's because in the Philippines - where he lives - there were no laws against computer misuse and the authorities had nothing to charge him with.

Today, almost five years after the event "Spyder" (real name Reomel Lamores) is saying nothing about the virus, referring all calls to his lawyer who - in turn - also refuses to comment. Not even "sorry" for the hundreds of millions of pounds of damage it allegedly caused and the general pandemonium it generated.

US tabloid TV programmes and book authors have dangled cheques in front of his nose - but at the moment he rejects them all. Local reports say he fears being kidnapped and has nightmares about being bundled on to a boat and taken to the USA.

Spyder's Web

In May 2000 Spyder was a minor computer programmer in the employ of the local China Bank, living in a low-rent Manila apartment with girlfriend Irene De Guzman. After its release into the wild, I Love You - aka "The Love Bug" - was quickly traced back to Spyder, who was held by the authorities on unspecified grounds. US and European law enforcement authorities fought to be the first to try the then twenty-seven-year-old. The FBI even put seven men on the case, including their specialist virus sniffer Federick Bjorck.

Under questioning Spyder started by claiming total ignorance of events and blandly refused to assist the authorities. Even in the face of mounting evidence - including his own email address carrying the outbound virus - for which he had no explanation.

Eventually, he changed his story to the one he maintains to this day: The honest accident. He was messing around with coding "and the code escaped". Strangely this is slightly supported by the evidence. A thinking virus writer would have worked harder to cover his tracks. Some speculate that the whole stunt was created to impress his new girlfriend and he secretly hoped to get caught.

The virus was smart - for that time - in that it knew about file length. The full title (of the original e-mail) was LOVE-LETTER-FOR-YOU.TXT.vbs. The length of this title was vital because (on default Windows setting) this hides the .vbs extension and it could be taken as plain text.

When up and running, the virus looked in the address book of Microsoft Outlook and sent copies of itself to everyone therein. For good measure, the virus then linked to four pages on Sky Internet (in the Philippines) which, in turn, downloaded the falsely named WIND-BUGFIX.exe. This had the effect of collecting and sending email addresses and passwords to a known second email address.

This second part of the operation didn’t last long. The ISP noted the huge surge in traffic and suspended the pages. Within hours the FBI bloodhounds were on the scent of the perpetrator. However before they did the title had already changed to one of the hundreds of variations that followed - Very Funny Joke.

In June of that year, and barring any other law with which to prosecute him, authorities charged Spyder's girlfriend Guzman - who came under suspicion because of a certain expertise with computers - under the local "Access Devices Act" of 1994, which outlaws the illegal use of account numbers and passwords - a law directly related to credit card fraud. The charges were based on her owning the central computer from which the virus emanated. However, even these had to be dropped.

Later that year, the Philippines introduced new laws to target and outlaw a wide range of cybercrimes. But as the FBI are quick to point out - there are plenty of places left in the world that the cyber criminal is free to go about his or her business unhindered by the in-this-case-not-so-long arm of the law. ®
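The hidden .vbs extension described above is something a mail gateway can check for before a message reaches the user. The following is an added example, not part of the quoted articles: it walks the attachments of a constructed sample message and flags names whose last extension is a script type, with a harmless-looking extension in front of it. The extension lists, addresses and function names are assumptions made for the illustration.

```python
from email import message_from_string

# Extensions that Windows will run as script or program (assumed blocklist,
# built from the types named on this page plus close relatives).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsh", ".wsf",
               ".sct", ".hta", ".pif", ".scr"}
# Inner extensions typically used as the decoy (assumed list).
DECOY_EXTS = {".txt", ".doc", ".jpg", ".jpeg", ".gif", ".mp3", ".pdf"}

# Constructed sample message; the attachment bodies are placeholders.
SAMPLE = """\
From: alice@example.com
To: bob@example.com
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.TXT.vbs"

(placeholder, no script content)
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

hello
--b1--
"""

def classify(filename):
    """Return 'double-extension', 'script' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    name = filename.strip().rstrip(". ").lower()
    exts = ["." + part.strip() for part in name.split(".")[1:]]
    if not exts or exts[-1] not in SCRIPT_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"   # e.g. .txt.vbs shown to the user as .txt
    return "script"

def scan_message(raw):
    """List (filename, verdict) for every suspicious attachment in a message."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        if name and classify(name) != "ok":
            findings.append((name, classify(name)))
    return findings
```

A gateway would quarantine on either verdict; the separate "double-extension" label is useful for triage because it marks an attachment that was named to deceive.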



The top 10 worst computer viruses have caused much damage in the past 10 years. Here are the top 10 worst computer viruses: from http://www.catalogs.com

The CIH virus in 1998
Estimated Damage: $20 to $80 million worldwide; countless amounts of PC data destroyed
It was unleashed from Taiwan in June of 1998. What made CIH so dangerous was that it would overwrite data on the host PC's hard drive. It would no longer work. It would also overwrite the BIOS of the host, preventing boot-up.

Melissa in 1999
Estimated Damage: $1 billion
Melissa spread through Microsoft Word 97 and Word 2000. It cleverly used a mass e-mail process where it would access the first 50 entries from a user's address book in Outlook 97/98 (the e-mail program) when the document was opened. Melissa would randomly insert quotes from "The Simpsons" television show into documents on the host computer and it deleted critical Windows files.

ILOVEYOU in 2000
Estimated Damage: $5.5 billion to $8.7 billion in damages; ten percent of all Internet-connected computers hit
It took your contacts from your Outlook list. If you saw the e-mail message "I LOVE YOU" and opened it, it would copy and send out the message again and again. Recipients, who didn't know what was happening, would execute the document only to have most of their files overwritten.

Code Red in 2001
Estimated Damage: Code Red and Code Red II are two worms with damages estimated at $2 billion; a rate of $200 million in damages per day
Released on Friday the 13th in July of 2001, the worm took advantage of buffer overflow vulnerability in Microsoft IIS servers and would self-replicate by exploiting the same vulnerability in other Microsoft IIS machines. Buffer overflows occur when too much information is sent to a computer it can't handle, and it causes a shutdown.

SQL Slammer in 2003
Estimated Damage: shut down South Korea's online capacity for 12 hours; affected 500,000 servers worldwide
The virus affected servers, not PCs. As viruses go, it was very small: a 376-byte worm. It generated random IP addresses and sent itself to those IP addresses. If the IP address was a computer running an unpatched copy of Microsoft's SQL Server Desktop Engine, that computer would begin firing the virus off to other random IP addresses. Slammer infected 75,000 computers in 10 minutes. It sent so much traffic that it overloaded network routers across the globe, which created higher demands on other routers, which shut them down, and the cascade was on.

MSBlast in 2003
Estimated Damage: between $2 and $10 billion; hundreds of thousands of infected PCs
Microsoft announced a Windows vulnerability in 2003. A short while later, that Windows vulnerability was exploited with a worm called MSBlast; it included a personal message from the author to Bill Gates. "Billy Gates why do you make this possible? Stop making money and fix your software!!" A Trivial File Transfer Protocol server was installed on the computer and downloaded code onto the infected host. Over 25 million hosts were still known to be infected six months later.

Sobig in 2003
Estimated Damage: 500,000 computers worldwide; as much as $1 billion in lost productivity
The worm entered a computer in the form of harmless e-mail attachment. The attachment was often a *.pif or *.scr file that would infect any host if downloaded and executed. Sobig-infected hosts would then activate their own SMTP host, gathering email addresses and constantly sending additional messages. It would flood the Internet with e-mails.

Sasser in 2004
Estimated Damage: tens of millions of dollars; shut down the satellite communications for some French news agencies; several Delta airline flights were cancelled; shut down numerous companies' systems worldwide
Sasser began spreading on April 30, 2004; it exploited a security flaw in non-updated Windows 2000 and Windows XP systems. When successfully replicated, the worm would scan for other unprotected systems and transmit itself to them.

MyDoom in 2004
Estimated Damage: slowed global Internet performance by 10 percent and Web load times by up to 50 percent
On Jan. 26, 2004, the MyDoom worm spread across the Internet via e-mail. The worm also transmitted itself as an attachment in what appeared to be an e-mail error message containing the text "Mail Transaction Failed." Clicking on the attachment spammed the worm to e-mail addresses found in address books.

Bagle in 2004
Estimated Damage: tens of millions of dollars
Bagle infected users' systems using an e-mail attachment but then scoured Windows files for e-mail addresses it could use to replicate itself. However, the real damage came when it opened a back door to a TCP port that can be used by remote users and applications to access any kinds of data on the infected system.

1 comment:

  1. This is a nice blog. Thank you for sharing your Knowledge with us. Also I can refer to you some other important Blogs for removing ILOVEYOU Virus from your System.
