The person behind the devastating "ILOVEYOU" computer virus creating havoc on
computer systems worldwide is a 23-year-old male from Pandacan, Manila, a
Philippine Internet service provider said yesterday.
"The hacker hid behind a screen of hacked e-mail accounts and pre-paid Internet
user cards," said Jose Carlotta, chief operating officer of Access Net Inc., a
Manila Internet company.
Access Net is the owner of Supernet, a pre-paid Internet services provider.
The computer virus, called the "Love Bug," first spread through two e-mail
addresses in the Philippines.
Access Net came up with the profile of the attacker after comparing notes with
other local service providers. Police are now working with the companies.
The person behind the "Love Bug" also used the more common type of e-mail
account, but they probably weren't his own.
Carlotta's company offers pre-paid e-mail accounts activated with the purchase
of a plastic card, much like a phone card, where the buyer is not required to
give personal information. The cards are cheap, and it's easy Internet access
for the many Filipinos without a credit background.
"What I suspect is that all of these accounts that he has are hacked," Carlotta
said. "He has been able to find out what the user names and passwords of these
accounts are without the knowledge of the true owners. So then, it makes it
doubly impossible to figure out exactly who this guy is."
"ILOVEYOU" was uploaded into the servers of service provider SKYInternet as
early as April 28, but remained dormant until Thursday, technical consultant
Toby Ayre said.
AccessNet suspended the creation of new e-mail accounts in an attempt to foil
"We are tracking all movements and we don't see any movement,"
Carlotta said. "What happened is the author of the virus used two e-mail
addresses email@example.com and firstname.lastname@example.org."
The virus, which emerged as a cyber greeting, was reportedly launched in the
Philippines and then raced through Asia, Europe and North and South America.
The virus comes in an e-mail that says "ILOVEYOU" in the subject line. With the
e-mail comes an attachment, which, when opened using Microsoft Outlook
software, sends the virus to the e-mail addresses stored within the software,
Once the virus infects a personal computer, it can destroy certain files not
only on the user's own hard drive, but also other files on networks to which
the user is connected. While Outlook is used to propagate the virus, any e-mail
recipient can be affected.
The attachment can also be sent through Internet Relay Chats (IRC), chat rooms
accessible over the Web and popular among computer aficionados.
Embedded in the message are the words "Manila, Philippines," giving rise to
suspicion it originated in the country, and the phrase "I hate go to
"We're cooperating with everybody who requires our cooperation, we're
practicing all the required procedures in cases like this," Carlotta said. "The
best we can do is advise our users to be cautious about opening attachments if
they do... not just from us but any service provider."
Meanwhile, the National Bureau of Investigation (NBI) said yesterday it has
started a probe on the virus attack.
NBI Director Federico Opinion Jr. said he has assigned two units -- the
International Police and the Anti-Fraud and Computer Crimes Division -- to
trace the source of the virus after he was contacted by the specialists from
their US counterpart.
The "Love Bug" is being called the fastest-moving and most widespread computer
virus ever, affecting brokerages, food companies, media, auto and technology
Universities and medical institutions have also been hit.
It wreaked havoc on computer systems worldwide Thursday, shutting down e-mail
systems at major companies and penetrating the Pentagon, the Central
Intelligence Agency and Britain's parliament.
According to a tracking site maintained by Trend Micro Inc., a leading provider
of anti-virus software, some 2.9 million computer files have been infected as
of 2 p.m. yesterday, causing damage in the millions, or even billions, of
dollars from lost data, interrupted work, and the cost of fixing the damage.
Asia has escaped relatively lightly, because the virus was unleashed after the
close of the business day in the region. A total 2.5 million files were
infected in North America, some 223,000 in Europe and around 100,000 in the
Japan, with 13,000 infected files, and China, with just 3,800, were relatively
unscathed because most offices were shut for holidays.
Primitive but deadly
"There was nothing terribly sophisticated, or that displayed any artistic
programming skills about this (new attack) -- that's the scary thing," Network
Associates president Peter Watkins said at a press conference call.
But "run-of-the-mill" skills and equipment are all that's needed to launch such
an attack, capitalizing on the democratic power of computing tools available in
almost any PC and the ubiquity of the Internet to spread problems around the
The virus drew comparisons with last year's Melissa virus, which spread through
computer systems in the US.
Last month, 15-year-old hacker "Mafiaboy" of Canada was arrested for his
alleged role in sabotaging the CNN.com Web site in February.
At that time, some of the best known Web sites, such as Amazon.com and Yahoo!
Inc., were sabotaged and their services crippled for a short period of time.
Investigations continue for culprits in those attacks.
Once again an attacker with apparently limited computer skills was able to
carve a deep scar on the face of the computing world, mirroring the destructive
but technically primitive attacks like the Melissa outbreak in March 1999.
Melissa affected 300,000 computers. The "Love Bug" had spread twice as fast as
Melissa in the first 10 hours since it was identified.
Microsoft Corp., Ford Motor Co., Archer Daniels Midland Co., Vodafone AirTouch
Plc, and the Mayo Clinic medical center in Rochester, Minnesotta were just a
few of the organizations affected.
The US Federal Bureau of Investigation said it was investigating the matter to
determine whether there have been any violations of the federal Computer Abuse
The virus also infected the Pentagon and other US government computers, but did
not affect any classified systems.
"We have found absolutely no evidence that this has infected classified
computer programs," Defense Department spokesman Ken Bacon told Reuters.
CIA spokesman Mark Mansfield said the impact of the "Love Bug" on the spy
agency's computers was "negligible."
"There were a handful of isolated cases on our unclassified systems that were
reported and dealt with. But it has had absolutely no impact on our classified
systems," Mansfield said.
White House spokesman Jake Siewert said the virus had not gotten through the
White House system.
"It hasn't affected operations at the White House," he said. "There have been
some reports around the government about it. The White House has taken some
measures to secure its system. Our cybersecurity people are on top of it."
The British Parliament was also affected, with London's House of Commons
shutting down its e-mail system for about two hours on Thursday to safeguard
against the virus.
Software makers like Computer Associates International Inc., Network Associates
Inc. and Symantec Corp. have tools that can detect and eradicate the virus
available on their Web sites. --