Updated from 1:59 p.m. EDT
An insidious computer virus called the Loveletter rampaged through email systems around the world Thursday, disrupting Internet communications among hundreds of thousands of computer users from Hong Kong to America's industrial heartland.
Computer security experts said the virus, which disguises itself as an alluring email called "I LOVE YOU," was one of the fastest-spreading cyber-scourges they had ever seen. Many major computer users, from Britain's Parliament to Wall Street brokerages to the
Ford Motor Co.
, shut their email systems temporarily while technicians purged the infection.
"I been doing this nine years and I've never seen anything like this," said Mikko Hypponen, manager of antivirus research at
, an Internet security firm. Hypponnen said the first report of the virus came to him in Finland from a major company in Norway at 2 a.m. EST. "In the next half hour they came in from everywhere, almost instantly."
The Loveletter virus is like the
virus but has a much larger appetite for plundering email addresses.
The difference between the two is that Melissa picks up 50 of your personal email addresses of your friends, but Loveletter picks up a company's central address book and group addresses, anyone you're doing business with, Hyponnen said. "Tomorrow will be a hectic day," Hyponnen noted. "When Melissa broke out, it was a weekend. It will be difficult for companies to contain this and it will cost you quite a bit."
deployed its computer crime squad to investigate the virus, according to Joseph Valiquette, an FBI agent in New York. "A number of victims have contacted us and there are more contacting us as we speak," Valiquette said. The goal of the investigation is to track the origin of the crime, he said. "We wouldn't be surprised if it came from outside the U.S."
Victims of the virus in New York, Valiquette said, should call the computer crime squad.
Peter Tippett, chief scientist at
, an Internet security company, in a conference call estimated that half of all American corporations have already been hit by the speedy virus. The virus was written by a teenager in the Philippines who goes by the name Spyder, according to Tippett.
"Damage is quite pervasive," he said. "The work to clean it up and prevent it from going forward will be quite costly."
, a company that designs software to fight viruses, the number of infected computer files worldwide Thursday rose several thousand times the average amount to 1.5 million by early evening, with 1.3 million of those in North America.
"That's just a small sampling of quickly this virus is spreading," said a Sandy Morganthaler from Trend Micro.
"This is a major breach," said Chris Rouland, the director of
, a unit of
Internet Security Systems
. "It's definitely one of the more complex viruses we've seen."
When a user clicks on the email message, from Microsoft's email software, Microsoft Outlook, the robbery begins. The Internet browser is then directed to steal passwords for Windows log-in and remote access for Windows then sends the passwords to an account in the Philippines, Rouland said. The perpetrators can later use those passwords to get back into the organization from which they came, he noted.
The virus isn't finished yet. Next it sends copies of the passwords to everybody in the company's stolen email address book so that all users within the organization have access, Rouland said.
Then it goes to the hard drive and overwrites copies of files with the virus. In particular, graphics files called JPGs and music files called MP2s are overwritten and the originals are lost, Rouland added.
Finally, it infests itself in Internet relay chat software called MIRC 32, one of the most popular chat applications, so that anyone who communicates with the person affected will themselves become infected.
The answer for now is for organizations to block access to chat rooms and users not to execute attachments, Rouland said.