Ben Venzke of iDefense discusses the "ILOVEYOU" virus and copycats
May 5, 2000
(CNN) -- A malicious computer virus innocuously entitled "ILOVEYOU" destroys critical files when opened, making a computer inoperable. The virus and newer variants have wreaked havoc on corporate systems worldwide and cost millions of dollars in damage. Replicating itself through the address book of the Outlook Express of an unknowing victim, it masquerades as a letter from a friend, instilling false trust in the recipient.
Ben Venzke is the manager of intelligence production at iDefense. An expert in matters of security, Venzke created the Intelligence Watch Report and the Web site, IntelWeb. He also was a senior consultant for Pinkerton's Global Intelligence Services, where he was responsible for providing threat assessments on terrorism, crime, civil unrest, and war in other countries before focusing on Internet security.
Chat moderator: Thank you for joining us today, Ben Venzke, and welcome.
Ben Venzke: Hi.
Chat moderator: Please tell us a little bit about your background and your company.
Ben Venzke: My role here at iDefense is managing the intelligence process through which we gather information and send it out to clients. iDefense is a leading provider of computer security and cyber intelligence information to Fortune companies and governments.
Chat moderator: How does the "ILOVEYOU" virus work?
Ben Venzke: At its simplest level the virus propagates through the Net by emailing itself to every entry in the Outlook address book. It also can modify and delete files on a victim's computer.
Question from Terri: Can the "ILOVEYOU" bug be caught in chat rooms?
Ben Venzke: The virus can be caught through IRC. However, in chat rooms such as these it is very unlikely unless you are connected through a DCC. The DCC is the direct client-to-client connection, which allows the automatic reception of files.
Question from Haley-CNN: Mr. Venzke, any ideas why either Microsoft or Netscape, the browsers, can't devise some sort of fix to keep emails from flooding with the virus?
Ben Venzke: This is a very difficult problem to get a hold of. What works one day, won't the next. Part of the problem is that many of today's countermeasures are reactive in nature. A lot of work still needs to be done in developing proactive countermeasures.
Question from Alcourt: Considering that the primary CERT defense advised is an MTA filter rule that actively scans email for this stuff, what legal and ethical implications are brought to light considering that email has a legal and ethical expectation of privacy at most installations?
Ben Venzke: While the filtering of email certainly does bring up some privacy issues, the use of filters to look for various virus signatures is not much different from running anti-virus software on your own computer.
Question from Jackie-CNN: Do personal firewalls such as BlackICE or ConSeal protect a user's computer against the "ILOVEYOU" virus?
Ben Venzke: BlackICE and other firewalls are not designed to deal with this type of problem. There are some firewalls that can help in cases like this, but they are the minority, not the majority.
That being said, firewalls are a very important aspect of an organization's or individual's computer security measures, especially when using DSL or cable modems.
Question from Haley-CNN: What type of anti-virus do YOU use on your computer?
Ben Venzke: I personally use Norton Anti-Virus; however, any of the major anti-virus vendors are good. However, your anti-virus software is only as good as the last time you updated your virus definition files.
Question from Jackie-CNN: Articles dealing with this virus are telling people not to accept any files or attachments from people they don't trust, but isn't it true that it's people you DO trust that the virus is going to unwittingly come from?
Ben Venzke: Yes, you want to avoid any attachments coming from unknown sources. However, as you mention in your question, the difficulty with viruses such as Love Letter is that the infected message will come from someone you know.
If the attachment or message appears out of the ordinary, you need to check with the person who sent it to you rather than opening it up to see what it is. Awareness is key to preventing the spread of viruses such as this one.
Chat moderator: What should you do if you get one of these e-mails?
Ben Venzke: Don't panic. Simply select the message and press delete. With this virus, your computer will only be infected if you open or execute, double-click, the attachment.
You also need to make sure that you delete the message from your trash mailbox and make sure you delete the attachment from your hard drive. Not all email programs will delete the attachment when you delete a message.
Question from Alcourt: What progress is being made on fixing the real problem of permissions? Considering that these worms rely on the fact that there is no user permission structure, instead of what is normal on other operating systems of running as a restricted user with minimal permissions?
Ben Venzke: The problem is that most of the applications on Windows require the use of some form of Active Content, whether it's Rich Formatting, VBS, JavaScript, etc. Restricting the ability for all active content would restrict the functionality of many applications that rely upon it.
As functionality increases, so does the opportunity for security holes. It's a difficult problem facing all vendors who are trying to strike that perfect but elusive balance.
Question from Terri: I recently put a mIRC program on my machine. Should I delete the whole program?
Ben Venzke: You should disable, or not allow, the automatic reception of files via DCC, direct client-to-client. Also make sure your anti-virus software is up-to-date.
Question from Haley-CNN: Do you have any information on the possibility that the "ILOVEYOU" virus originated overseas?
Ben Venzke: There is quite a bit of speculation in this area. We have not confirmed any aspect of this. It's really too early to say at this point. While the virus did communicate with email addresses and Web sites located in the Philippines, this does not mean that the virus author(s) are located there.
Chat moderator: Do you have any final thoughts to share with us?
Ben Venzke: Much like we put locks on the front doors of our houses when we move in, when we buy car alarms and the club for our car, we need to develop the same practices and habits for the cyber world.
Viruses like Love Letter and the attacks we saw in early February are not the end of the world for e-commerce. They are significant new challenges, however, that we need to learn to deal with.
Chat moderator: Thanks for joining us today!
Ben Venzke: Thank you. Goodbye.
Ben Venzke joined News chat via telephone. CNN.com provided a typist. The above is an edited transcript of the chat.