'ILOVEYOU' has sinister side

The "ILOVEYOU" computer virus that has infected hundreds of thousands of systems worldwide reportedly includes hidden code developed in the Philippines that collects network passwords and transmits them to a World Wide Web site maintained by an unknown attacker.

The virus code has been sent to the National Security Agency for evaluation. However, some security and intelligence experts have warned that it is too early to know whether the virus contains components that have intelligence and national security implications.

According to security experts, the file WIN-BUGSFIX.exe is a backdoor created in the Philippines that collects the network passwords cached in Microsoft Corp.'s Windows operating system and then sends them to a Web site when the infected user connects to the Internet.

Dave Jarrell, director of the Federal Computer Incident Response Capability, said no one is 100 percent sure what the executable does. However, he added, the virus attempts to hide the fact that it has downloaded the executable file by masquerading it as a benign application file, like a JPEG picture file. "It could feasibly go out and do this over and over again," he said.

According to moderators on the Bugtraq security listserv, "It seems the WIN-BUGFIX.exe file will e-mail any cached passwords to MAILME@SUPER.NET.PH."

Narender Mangalam, director of security strategy for Computer Associates International Inc., confirmed that there is a more malicious aspect to the virus and that there could be national security implications because federal agencies were infected. "All of it is a little hypothetical right now, but that does not mean it can't happen," Mangalam said.

The company has posted a patch on its Web site that Mangalam said protects systems against the entire virus. He added that officials may know more about its origin as early as Friday.

FedCIRC has been working with the National Infrastructure Protection Center's analysis and warning center, as well as the National Security Agency and the Energy Department's Computer Incident Advisory Capability.

DOE, which has had its share of cybersecurity problems, ordered security guards to meet employees at the agency's building entrances in Washington, D.C., this morning and warn them about the ILOVEYOU virus. The guards told employees not to open e-mail with it. Nevertheless, the virus apparently entered the computer system.

"It is still spreading," said DOE spokeswoman Ruth Vass. "Some of the machines are frozen."

However, it was unclear whether the virus had spread to DOE facilities outside of Washington, D.C., she said.
