Counting the cost of the Love Bug

Probably only a Manila judge will be able to say if the law has finally caught up with the creator of the Love Bug, following the frenzied four-day hunt led by the US's Federal Bureau of Investigations (FBI).

But as 27-year-old bank worker, Reomel Ramones, languishes in a local jail and his girlfriend, Irene de Guzmen, prepares to surrender herself to the authorities, questions are already being asked as to how a couple - living in a shabby flat in a rundown suburb of the capital - could seemingly outwit some of the world's most sophisticated computer systems to cause unprecedented mayhem.

California-based Computer Economics estimates that the virus and its variants have already caused £3.2bn worth of economic damage worldwide and that the final tally could come to a staggering £6bn or more. This makes the Love Bug vastly more devastating than Melissa, a predecessor virus that posed as a chain letter and caused £52m worth of havoc.

Much of the cost is attributed to how the Love Bug used Microsoft's Outlook mail client to propagate itself, forcing email systems either to be shut down or jammed.

But the story is far from over yet, with the bill for parallel damage to countless audio and picture files - again courtesy of the virus - still mounting.

Bizarrely, Ramones and his girlfriend are already being hailed as heroes irrespective of whether a court finds them guilty or, indeed, even whether the Philippines judicial system with its antiquated laws, has sufficient power to press charges.

Meanwhile, the FBI has obtained logs of messages from ISPs that were sent by victims of the bug to its creator. One ISP, Access Net, says most of the 5000 messages are angry ones, but many also praise the skill of the author.

Psychologists believe, however, that those who do praise creators of such viruses only make matters worse by feeding their vanity and so encourage others to follow suit.

The flipside of the equation is that it was also vanity, but this time on the part of the virus's recipients, that was just as much to blame for the its wildfire spread around the globe.

Seduced by the message's simple adulatory header 'I Love You', millions fell for the scam - opening the virus attachment and bringing chaos to the world's email systems as they did so.

Easy does it
Over at Sophos, the Abingdon-based antivirus software house, technician Graham Cluley is stoical about the ease in which the Love Bug duped its victims. "Let's face it. If you get an email from someone who you think is that dishy guy or girl in accounts, you're going to open it. Everyone loves flattery," he says.

Among those hit were countless governments, the Pentagon, major corporates such as Ford, Time Warner and the mighty Microsoft - whose operating environment, ironically, provides the oxygen in which the virus survives.

But perhaps more worrying is how the Love Bug may have opened a Pandora's Box of troubles, with experts admitting there is no clear way of combating email attachments that hide a virus and where ILoveYou is already reported to have spawned at least a dozen new strains.

What's more, only a few days have elapsed since the virus rose out of the Philippines like a tropical hurricane before sweeping across Eastern Europe, the industrialised West and then the US - following the line of the sun and providing a shock wake-up call to offices around the globe.

Here in the UK, where as many as half of all companies are thought to have been hit, news of the virus was less than welcome to Margaret Beckett who, as leader of the House of Commons, had just two weeks before been crowing about the UK government's success in coping with another computer interloper, this time the millennium bug.

Twisting the knife was shadow leader and Conservative MP Sir George Young who, after baiting the frequently stony-faced minister about whether she had received any emails expressing amorous intent, went on to warn about the electronic billet-doux that had already caused the Commons' own internal communications system to be shut down that day.

But the less than chivalrous Tory knight also had a serious point to make: did the Love Bug's success in infecting the messaging networks of MPs not suggest that an urgent review was now needed of how the House protected itself from electronic attack?

It was a point also taken up by Liberal MP Paul Tyler, who further demanded an official statement on whether supposedly secure government computers elsewhere had been hit, and why - once Whitehall had been alerted to the virus - no warning was issued to the public at large.

So far none of these points have been addressed. But with the cost of damage to the private sector continuing to mount, one MP - Tory member for Beckenham, Jackie Lait - promised on Monday to return to the fray by tabling even more questions.

"If other governments, including the US, could issue warnings to the public not to open the Love Bug attachment, then why wasn't our government able to do so?" she demanded. "Prompt action might have saved British industry millions."

Others might ask equally pertinently why companies and organisations that spent millions of pounds on building internet firewalls and incorporating antivirus software into their networks weren't better protected.

The hidden danger
According to Sophos's Cluley, the answer is not just down to the public's susceptibility to flattery, even if their seemingly unbridled willingness to open the ILoveYou attachment was much to blame. For one thing, he says, there is no easy way to detect if such attachments are benign or out to wreak havoc, any more than someone given an Easter egg would suspect it contains a bomb.

"Antivirus software isn't perfect and we have never said it is," he says. "While it is very good at finding viruses that we already know about, it is less good at detecting viruses that we have never seen before."

Not valid either, he says, is the notion that a generic solution can be developed so that all email attachments are routinely screened by antivirus software.

"When you design this kind of software you have to be fairly specific. Otherwise it would be like going on safari in Africa where you develop a rule saying that everything on four legs should be shot, when all you want to hunt is buffalo," he says.

"All you would succeed in doing is massacring everyone's pet animals."

Writing is on the wall
On top of the problems involved in combating the Love Bug, Cluley reveals, there is also the matter of saboteurs being able to download antidotes free of charge from the internet and then rewrite the virus to negate them.

"Everyone who gets infected by the virus also gets a full copy of the source code in easy-to-understand, high-level language," he reveals.

Despite this, Sophos, along with other antivirus software houses, has now started to issue fixes to provide users with protection against ILoveYou, along with its variants, through what Cluley describes as "some crafty routines". These are intended to flush out where the original virus's coding might have changed.

A simpler solution, he proffers, is for users of Windows 98, NT and 2000 - the operating systems affected - to switch off the Windows scripting host found in their control panel. This, he says, will prevent the virus's Visual Basic Script from running and so propagating itself through the email address books of users.

Yet another way of tackling the Love Bug, particularly for corporates, might be to include a software filter in the email gateway that detects attachments of a suspicious nature. "Besides, how many people in your average office are likely to need Visual Basic attachments?" he says.

Paradoxically, it could be crafty coding that might ultimately prove to have been the undoing of Ramones, if indeed he and his girlfriend are eventually deemed to have been the creators of the Love Bug.

David Smith, the author of Melissa, was brought to book because he failed to realise that the Windows operating system generates a globally unique identifier for every computer based on the ID number in its network adaptor card.

Moreover, Microsoft Word uses Guid to create a separate unique identity number in each document - a facility that proved invaluable to the FBI in identifying Smith's programming dabs.

That the FBI and the Philippine National Bureau of Investigation kept watch on the flat of Ramones and his girlfriend for several days, and would have moved in earlier for want of a weekend warrant, is testimony to the speed at which virus culprits can be traced - a speed matched only by the rate at which their creations flourish.

What is also known about the author of the Love Bug is that he, or she, was sufficiently proud of their work to sign it off with an alias, Barock, while also allowing - by accident or design - Filipino words to creep into the programming code along with its place of origin, Manila.

As Solomon once noted about life, "all is vanity" - explaining as much today why the Love Bug proved so devastatingly successful and why its perpetrators, once charged, might face a 20-year spell in prison.