Love Bug: worse to come

A group of developers has dismissed the Love Bug attack as crude and unsophisticated and warned that far worse virus outbreaks can be expected.

Samhain, a loosely knit group of researchers, discovered last year that it was possible to create a far more potent virus than either Melissa or the Love Bug. Before the project ended, the group managed to create a working model of a virus that worked across different platforms and operated by stealth.

The project report names the seven deadly attributes of such a virus: portable, invisible, capable of spreading without user intervention, learning, difficult to trace, modify or destroy, capable of been used 'easily', and polymorphic, so that it changes frequently.

Graham Cluely, of Sophos, said the virus would have been far worse if it attached documents and spreadsheets instead of multimedia files.

Cluely added techniques employed in the Kakworm attack, which exploits a flaw in Microsoft Outlook ActiveX controls that allows virus infection without the user opening an attachment. Worryingly the Kakworm is still common because many users have not implemented a Microsoft Outlook patch, Cluely added.

Richard Stagg, senior security architect at Information Risk Management, agreed: "The prospect of yet more devastating viruses than the Love Bug is potentially an enormous threat. The Love Bug did not carry a particularly nasty payload, it wasn't subtle, and yet it effectively denied email service."

The availability of scripts for the Love Bug, which could be adapted to wreck still more havoc, is real, said Stagg. He added that users should make sure their client was securely configured.

Gartner has suggested that users deploy a content firewall, quarantining executables, scripts and macros at the email server or firewall level.

Meanwhile Onel de Guzman, who admitted he may have been the cause of the spread of the Love Bug, is one of four people the Philippine National Bureau of Investigation (NBI) described as "possible suspects" behind the world's worst computer virus outbreak last week.

However, the investigation is still ongoing, investigators stressed.