Updated from 8:34 a.m. EDT
One day after receiving harsh criticism for responding slowly to the "love bug" email
Department of Justice
issued a warning Friday that a new and more destructive virus is on the loose and capable of crippling computer systems.
Attorney General Janet Reno said the FBI was investigating a virus, similar to the love bug, known to rapidly change its form and cause more severe damage than the now-infamous love bug.
"If you receive an e-mail with a .vbs file extension, do not open it, even if it comes from a trusted source," Reno said. "Delete the email from your system."
The warning came after congressional investigators testified Thursday that the government failed to promptly detect the so-called love bug and warn federal agencies, resulting in substantial damage to computer systems and files.
And it came just hours after computer security companies specializing in virus protection software issued news releases describing the virus in detail and promoting remedies. The virus does not appear to be spreading quickly or widely, a fact that the security companies attributed to corporations buying security software.
The ILOVEYOU virus, closely following a spate of so-called denial-of-service attacks, has heightened anxieties at corporations and government agencies about the vulnerabilities of new information technology. The love bug virus spread earlier this month in such high-security places as the
and at many large corporations, and damages are estimated to be in the billions.
But as the government issued its warnings, interviews with corporations, government agencies and security companies indicated that the damage was already done, and that there was little of it.
Quoting the security companies' press releases almost word for word in some cases, Reno said that unlike the ILOVEYOU subject line that accompanied the earlier virus, the new virus changes subject lines each time it moves and obliterates key files on the computers it infects. It generates a subject line that starts "FW:", and the body of the email contains an attachment similar in name to one recently sent from the infected computer, except that the file extension, for example ".doc" or ".exe," is switched to ".vbs."
If the attachment is opened, the virus has the ability to randomly rename files on the computer's hard drive, giving the computer the equivalent of a lobotomy. But before it renders its host useless, the virus will send itself to all other users in the victim's address book. Its ability to slither its way into networks in that way puts it in the "worm" category of viruses.
Like the love bug and last year's Melissa worms, the latest virus is isolated to the Microsoft Outlook email system, according to
, an antivirus software maker. "Because of Outlook's popularity, it's a natural target for folks that are seeking to harm a large number of folks," said Lisa Gurry, a product manager at
The size of the data attachment in infected emails is significantly larger than recent viruses, which might actually help to prevent its spread because heavy traffic in large attachments often causes email systems to get clogged or crash.
"The worm grows in size as it spreads and can therefore clog a network with a large amount of email traffic and will likely bring down mail servers," said
, another security company.
Microsoft already offers an add-on software for Outlook that forces users to save those types of attachments to hard drives before opening them, which could halt the virus, Gurry said. Next week, the company plans to offer an optional software modification that would prevent customers from using those types of files at all.
Michael Vatis, director of the
National Infrastructure Protection Center
, a multi-agency task force based at the FBI headquarters in Washington and charged with investigating computer hacking, intrusions and viruses, said the agency had received reports of "upward of 1,000 machines being infected" as of "the early morning hours" of Friday
Debbie Weierman, a spokeswoman for the FBI, said that was "not a finite number" and that Vatis likely meant the agency had received 1,000 reports. The FBI notified other government agencies of the virus around 2 a.m. EDT Friday, Weierman said. She said she knew of no government computer systems that have been affected.
Vatis said there are 50,000 known viruses "in the wild."
Makers of protection software said the virus has affected very few companies, though all declined to name their clients.
John Sun, a spokesman for the computer security firm
, maker of the McAfee antivirus software, said the company was notified of the virus by one client, an Israeli electronics distributor, around 2 p.m. EDT Thursday. Though the virus appeared to have the capability to spread quickly and cause significant harm, the company ranked it low risk because only one company had been affected. Network Associates developed a fix for the virus within an hour, he said.
Around 4 p.m. EDT Thursday, Network Associates raised the risk level to medium after an American company reported a similar problems. It raised the risk level to high around 8 p.m. EDT. But Network Associates, the market share leader in antivirus software according to the research firm
International Data Corp.
, knows of no other companies that have been affected.
Three German companies reported problems, but one had the old love bug and the other two deleted the emails before they could be examined, Sun said.
"We've gotten a lot of inquiries that turn out to be people have the old love bug," he said. "Janet Reno, I think, is being very proactive in this case about getting the word out."
There are 50,000 known viruses in the wild.
Trend Micro, based in Cupertino, Calif., received a report of a virus from a customer around 5 p.m. EDT on Thursday, a spokesman said. The customer, which Trend Micro identified only as a West Coast company with about 5,000 computers, told Trend Micro the virus appeared to come from its Israel office.
Immediately, Dan Schrader, chief of security at Trend Micro, set his software engineers out to create an antidote for the virus, which took about an hour and was quickly distributed among Trend's clients.
Schrader said that most of the 5,000 computers at the West Coast company were affected, and that an additional company, similar in size, in New York had been partially disabled by the virus by the time Trend got the antidote done.
"First we decided we were not going to do anything with this one, but then we started getting calls from reporters who had talked to other companies and found the virus in different systems than the ones we had seen," Schrader said. He then confirmed with
, a competing antivirus software maker, that six of its customers had indeed been hit by the virus.
Schrader said Trend Micro deals with roughly 450 new viruses per month, and typically 100 or so tend to be "worth a significant investigation."
Knowing that the antivirus industry was still under the gun for not dealing swiftly enough with the recent love bug virus, Schrader and his colleagues made a decision to hit the new virus head on, and started calling news agencies around the country.
The company did not call any law enforcement agencies, but immediately notified
, an up-to-the-minute clearing house for Internet security problems run by
Schader said that in this case, the hype surrounding the new virus might have been a "boy who cried wolf" situation.
Narender Mangalam, director of security solutions (industry parlance for security software) for Computer Associates, said the virus was "limited to bigger companies right now." Computer Associates first received a sample from "a large company" around 8 p.m. EDT Thursday, Mangalam said. He said the virus appears to have targeted multinational banking and software companies and is "continuing to spread."
Nine New York banking and financial companies said their systems were unaffected, either because they do not use the Microsoft email program or have security systems in place.