Radsoft
 About | Buy | News | Products | Rants | Search | Security
Home » News » Roundups » ILOVEYOU

ILOVEYOU

May 4, 2000 7:00 AM UTC - August 21, 2000 10:30 UTC

It was a disaster waiting to happen - the world was on its knees begging for it.

And They All Lived Happily Ever After August 21, 2000 10:30 PM UTC
And so ends one of the biggest Keystone Kops sagas in Internet history.

And Always They March On Rant of the Week/Week of August 23, 2000
Let's all drive down to Red's Nightcrawlers & Computers and pick up that brand new Pentium XIX.

The Art of Saving Face June 13, 2000 5:30 PM UTC
The NBI says it has enough to nail Onel for the ILOVEYOU worm. Sure.

Let's get this absolutely straight:

  • Until the Keystone Kops demonstrate otherwise, there is no reason to assume they have been blessed with any more evidence than they had weeks ago (precious little) when they began their bungled operation.
  • There is nothing to tie Onel directly to the worm and very little to connect him with Barok. The identity of its author - 'spyder' - is not known: if it were, the NBI would have been all over the media eons ago. Maybe Onel really is the author; or maybe Onel wanted to write a clone of it; but there is no proof - none.
  • Federico Opinion Jr, director of the NBI, was quoted as saying 'we want to put him in jail'. Meaning Federico Opinion Jr is sitting on something Erap has under him that's making his backside smoke.

The NBI have looked like fools all through this messy investigation. And the FBI are hounding them like you can't believe. What we are now witnessing is the Art of Saving Face - or rather a very clumsy attempt at it. But Erap doesn't care. Doesn't care how innocent people will be hurt. He's only worried about his face.

For an interesting perspective on the entire matter, one written weeks ago and still as 'hot' today, see Alan Robles' excellent editorial Michael Meet Mark at Hot Manila.

Case Closed? June 5, 2000 10:00 AM UTC
Or did the Keystone Kops forget it was still open? Lynn Burke reports.

Twisted Karma Rant of the Week
'What goes around comes around' is supposed to work. We expect - and rely on - the baddies in the black hats getting theirs at the end of the day.

Time to Punish the Kids Rant of the Week
Humane thinking teaches us to not punish our children for our own mistakes.

Here Comes the Love Child May 19, 2000 9:00 PM UTC
It was bound to happen. That it could be done has been broadcast all over the net. And now it's here, and has already hit three Israeli and European clients by May 18.

I Didn't Do It Either May 15, 2000 3:00 PM UTC
Now Michael Buen surfaces - and denies all involvement in the spread of the ILOVEYOU worm.

Welcome Home Onel May 11, 2000 2:00 PM UTC
In a late breaking news conference, Onel de Guzman surfaces - with his sister Irene. Onel doesn't talk much, leaving things to an interpreter who says Onel didn't do it, and would rather not comment the matter further right now.

A Look Inside the Trojan May 11, 2000 6:30 AM UTC
radsoft.net takes a peek at WIN-BUGSFIX.exe.

You've Got a Friend May 11, 2000 0:30 AM UTC
All the while Billg and friends continue to innovate the threats get worse. The latest is the 'Friend' worm: it's highly effective and completely destroys any Windows operating system. radsoft.net have verified this worm works 'as advertised'.

What's-His-Name Freed! May 9, 2000 4:10 PM UTC
Philippine authorities were forced to release Reomel Ramones for lack of evidence. Another hearing is scheduled for May 19. Irene de Guzman was never apprehended.

Website of Supposed ILOVEYOU Author May 8, 2000 11:00 PM UTC
Welcome to the website of Manila Girl, Irene de Guzman, an absolutely wonderful human being. Sign her guestbook. And then ask yourself what the FBI and NBI are really up to. If you need further proof, check the HTML source and see for yourself.

Go Worm Yourself Bill! May 8, 2000 8:50 PM UTC
In what has to be the most shameless 'full of it' press release ever Microsoft founder William H Gates 3 is spreading the fear that the imminent breakup of Microsoft by the US DOJ will heighten the risk for future ILOVEYOU virus worms.

The Facts May 9, 2000 2:30 AM UTC
This mostly straight from the Philippines - and yes it's all highly contradictory. Have fun.

Memorable Quotes May 9, 2000 5:40 AM UTC
Quite a collection. Some are witty, a lot are just plain dumb - and most point the finger.

ILOVEYOU Author(s) Arrested? May 8, 2000 2:00 PM UTC
Is his name Rommel Lamores? Or is it Reomel Ramones? Did he have a female accomplice? Was her name Irene de Guzman? Did the NBI arrest the right people? Was the worm author that dumb? Wasn't there a computer among the seventeen items seized?

At C|net his name is given as Rommel Lamores. At Wired he's Reomel Ramones. At C|net there are two women involved. At Wired there is only one. They both agree on the first girl's name, but C|net adds that Irene's sister Jocelyn has also been arrested.

The seized items include computer magazines, telephones, diskettes, wires and cassette tapes - but no computer, and unless the neighborhood wouldn't recognize one if they saw it - no modem either.

Now it's Jonathan James, a eighteen year old Swedish high school student, who is credited with completing the hunt.

Where is Freddy's Australian German?

http://news.cnet.com/news/0-1003-200-1837495.html
http://wired.com/news/technology/0,1282,36187,00.html
http://news.bbc.co.uk/hi/english/sci/tech/newsid_740000/740623.stm

New Outlook Hole Found May 8, 2000 0:00 AM UTC
This is getting ridiculous. An email appears in Outlook's inbox, and even before the user does anything, a message pops up on the screen. 'Had this been a real virus, you would not be happy,' it reads. The relieved user clicks 'OK' and another box pops up.

'Deleting hard drive now... Just kidding!'

It was written by Leigh Stivers of DP Technology, who is trying to draw attention to a hole in Outlook that is far more dangerous than the ones ILOVEYOU found - this hole allows any email to be loaded invisibly with a destructive program that could go as far as deleting an entire hard drive.

Unlike viruses like ILOVEYOU or Melissa, these programs have no attachment and give no indication that they are anything other than ordinary email.

And with Outlook's factory defaults, this program - which might have been set to wipe your entire hard drive clean - can start running without you having to click a thing, before Outlook even tells you mail is there.

'The script can do almost anything,' said Stivers. 'We were amazed to see how open everything was in house here, and we take security pretty seriously.'

You shouldn't have been amazed, Mr. Stivers. But thanks for the tip. We shall now visit the C|net link and read the article and within 30 minutes be running a better email client - for this writing on the wall is surely enough for even the lamest Outlook user?

http://news.cnet.com/news/0-1003-200-1823347.html

Fredrik Says He Has His Man May 6, 2000 8:00 PM UTC
Fredrik Björck, the man who tracked down the author of Melissa, has just appeared on national Swedish television in an extended interview as the top new story of the day. Fredrik says he's found his man.

Michael isn't anywhere near the Philippines - he's in Australia, and it took Fredrik and his team only three hours to find him. Which they did by comparing IPs out of Hotmail letters with IPs used in early ILOVEYOU transmissions.

Fredrik admits that when he broke the news yesterday there was still some doubt, but that today, especially after the Philippine network ActiveNet has contacted him with further findings, the matter is all but closed.

Fredrik will now turn his team's findings over to the FBI in the United States.

News link (in Swedish): http://www.tv4.se/nyheter/visa.asp?id=105793

ILOVEYOU Author Found May 5, 2000 9:00 PM UTC
Fredrik Björck, the man who tracked down the author of Melissa, has found the author of the ILOVEYOU worm. It's a German exchange student named Michael. Michael's in his twenties, and he used Manila ISPs to spread his creation. According to Björck, who works at the University of Stockholm, Michael has now published information on how to get rid of the worm.

Virus Alert!
Absolutely awesome. Be sure to check what server OS they are running. See if you can discern a trend there.

ILOVEYOU: Line for Line May 5, 2000 8:00 PM UTC
The source code to ILOVEYOU, explained line by line.

How to Uninstall VB Scripting May 5, 2000 6:30 PM UTC
F-Secure's walk-through.

Aw c'mon - this is Microsoft's fault?
May 5, 2000 5:30 PM UTC
Could this be true? Should Microsoft carry the blame for the spread of this destructive virus? Do bears do their dirty do-do in the woods?

http://news.cnet.com/news/0-1003-200-1816987.html
http://news.cnet.com/news/0-1003-200-1823167.html
http://wired.com/news/commentarySection/0,1292,36147,00.html

Microsoft's First Line of Defense May 5, 2000 5:30 PM UTC
Get ready with the flight bag: Microsoft has come out with an official recommendation for the first line of defense against ILOVEYOU. Something the world has been waiting on pins and needles for.

Delete email messages with the 'I Love You' subject line.

But it gets better: Microsoft have also released an ILOVEYOU patch for Outlook. It doesn't stop ILOVEYOU from running - it only displays a message box first. OK grab that flight bag and don't make a mess.

Web Admins Should Know Better May 5, 2000 5:20 PM UTC
Security consultant Richard Smith has gone on record. Smith states that most Web administrators should know better than to run VBS attachments from unknown sources. We needed a security consultant to tell us that?

New ILOVEYOU Ruse May 5, 2000 5:20 PM UTC
A new script kiddie spin-off of ILOVEYOU uses the 'Mother's Day Confirmation Order' ruse. Beware.

Preventive-Measures-That-Are-Full-Of-It-Dept. May 5, 2000 5:10 PM UTC
This classic comes from none other than C|net:

Save files in RTF or ASCII. Since these formats don't support macros, they can't carry macro viruses.

Precious.

Sound-Advice-Dept. May 5, 2000 5:10 PM UTC
This comes from the BBC:

As with all emails, if in doubt do not run any attachments you are not expecting.

Catherine Whiting of SecServ puts it this way: 'All you have to do is think before you click.'

It Started Where? May 5, 2000 3:00 PM UTC
Manila ISP Supernet says the original Love Bug email was uploaded onto its servers as early as April 28 but remained dormant for six days. The author of ILOVEYOU is supposedly a 23 year old Manila resident working behind hacked Internet accounts and prepaid Internet user cards. Jose Carlotta of Supernet's parent company Access Net says:

'He's been very crafty. He's been very able to move around the network, the various ISPs, and he's been very hard to locate. He's been using a lot of hacked accounts... he illegally gets the user name and passwords and he uses those accounts for his own purposes.'

Here Come the Kiddies May 5, 2000 3:00 PM UTC
This was waiting to happen too - sites everywhere released the source code to the ILOVEYOU worm. Now the script kiddies of the world are getting in on the act. Presently there are at least four or five variants on ILOVEYOU. What you should do is be suspicious of anything that looks remotely like what you've seen on the news. Instead of the 'love letter' ploy they use things like 'joke' and 'very funny'.

How it works, what it does May 4, 2000 3:00 PM UTC
We now have more details on this 'destructor'. It would seem that the company representing the 'affected' email client has been trying to keep its name out of the news. But it was only a matter of time. As it always is with their Internet software.

All You Need Is Love? May 4, 2000 7:00 AM UTC
All we know now is: there is an email virus going around, it says 'ILOVEYOU', and you definitely don't want to open it. Local reports say Scandinavian aviation authorities have been incapacitated. Just don't open it. Delete it, or if you know how and you have a BSD client (MS users need read no further), then open it in a text editor and save it as such.

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.