By Alan Robles
A couple of people mailed me copies of the ILOVEYOU worm to examine. Heeding their blood-chilling exhortations to be careful, I unzipped one of the files with my customary care and skill. Naturally, I found out seconds later that I'd just infected my computer.
Fortunately nothing vital was destroyed but the accidental infection allowed an in-your-face, see-me feel-me encounter with ILOVEYOU. It wasn't a pleasant meeting.
Within moments of its release the beast had zapped hundreds of files. It chewed up all the icons on the Control Panel and, though unable to mail itself out, destroyed some entries on my address book.
Though I knew roughly how the worm worked, I still became hot under the collar at the evidence of its handiwork. I could imagine the feelings of a graphic designer or a digital photographer seeing his livelihood vaporized. I understand that one of the worm's victims was a Scandinavian image archive which had just finished scanning thousands of rare historical photos, only to see them deleted by the worm.
From what I've read, ILOVEYOU started out as a password-stealing virus, but somebody modified the payload to make it messily lethal. Anybody hit by this will find it is not a loving program.
Picture what happens when this monster gets into your system and imbeds itself into your system registry and other places. After taking a few nanoseconds to rub its hands with glee at having broken in, it snaps its digital fingers. Shazam! All your jpegs are so much meringue and your MP3 files are rendered invisible, replaced by deadly duplicates. Another snap of its fingers -- shazam! -- your address book has just been instantly read and the worm has mailed copies of itself to everyone on the list. The creature also tries to steal your passwords and attempts to contact its makers for further instructions.
What repels me most is that the worm doesn't just destroy files, it replaces them with copies of itself. Where your PC might have once had several hundred picture files, moments after an attack it would host hundreds of ILOVEYOU programs, each one a seedpod ready to burst open and scatter its progeny when you click on the icon. It's somehow appropriate that Microsoft's symbol for Visual Basic files -- a tiny twisted pale green paper scroll -- looks like a nauseating squiggly worm.
The point is, even if you delete and reinstall Windows, you'll still find copies of the virus all over your hard drive and you'll have to hunt down and erase scores of those disgusting squiggly symbols. In my case, a quick search revealed that I had hundreds of the things on my disk. I've managed to delete most of them but it's a painstaking process so I still have about 257 copies of ILOVEYOU on my PC.
Both Norton and Trend Micro have issued ILOVEYOU quick fixes but the two programs they've issued -- fixlove.exe and swat.exe -- only illustrate how antivirus programs can give you a false sense of security. All they do is delete or neutralize the worm embedded in your operating system. Remember this critter not only deletes your files, it replaces them with copies of itself. So while the programs might reassure you that your system is clean, your machine could actually be infested with enough viruses to start another plague.
ILOVEYOU relies heavily on guile and stealth. The guile is easy enough to explain: using "love letter for you" as a means of coaxing victims to destroy their own computers.
The stealth aspect is a bit technical. The virus actually has a deceptive file name. Whereas most recipients would have seen the attachment as "ILOVEYOU.txt" and would therefore think it was a text message, the actual name is "ILOVEYOU.txt.vbs", the "vbs" extension being the dead giveaway that it's a Visual Basic file and probably up to no good. However, the default setting in Windows is to hide file extensions from users. This is part of Microsoft's philosophy of discouraging the user from tampering with Windows.
You can overcome this by setting your operating system this way:
- open explorer
- click view
- click folder options
- click view
- click on the circle that says show all files
- click OK
If your system has been infested, you'll suddenly see text files and jpeg files magically revealed to be those revolting vbs squiggly icons. You'll also find that your real MP3 files have reappeared.
Keep this setting on. Make sure you don't click on any email attachments without asking the sender first what's in them. Always remember, a message of love could actually be a package of hate.
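The hunt for leftover copies described above can be scripted. The following is an added example, not part of the original column: a Python script that walks a folder and flags files whose script extension hides behind a harmless-looking one, as in "ILOVEYOU.txt.vbs", and reports the name a user would see with extensions hidden. The extension lists and every sample file name other than ILOVEYOU.txt.vbs are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed lists for illustration; extend them for your environment.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
DECOY_EXTS = {".txt", ".jpg", ".jpeg", ".mp3", ".doc", ".gif"}


def shown_name(filename):
    """Name displayed when extensions are hidden: the last suffix is dropped."""
    return Path(filename).stem


def is_deceptive(filename):
    """True if a script extension hides behind a harmless-looking one."""
    suffixes = [s.lower() for s in Path(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in SCRIPT_EXTS
            and suffixes[-2] in DECOY_EXTS)


def find_deceptive(root):
    """Walk root and return sorted (path, shown_name) pairs for flagged files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_deceptive(name):
                hits.append((os.path.join(dirpath, name), shown_name(name)))
    return sorted(hits)


def demo():
    """Build a constructed sample tree of empty files and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = ["ILOVEYOU.txt.vbs", "holiday.jpg.vbs", "song.mp3.vbs",
                   "notes.txt", "photo.jpg", "backup.vbs"]
        os.makedirs(os.path.join(root, "pictures"))
        for i, name in enumerate(samples):
            sub = "pictures" if i % 2 else ""
            Path(root, sub, name).touch()
        return [(os.path.basename(p), s) for p, s in find_deceptive(root)]


if __name__ == "__main__":
    for real, shown in demo():
        print(f"{shown!r} is really {real!r}")
```

To scan a real disk, pass the folder to find_deceptive() and review the list before deleting anything; a plain "backup.vbs" is not flagged because its name is not disguised.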