Computer users faced yesterday new variations of the destructive "ILOVEYOU" computer virus, including one concealed as a joke and another as confirmation for a Mother's Day gift order.
Computer systems around the world were infected Friday as the virus disguised as a love letter overwhelmed networks and burrowed into hard drives, destroying files containing precious photos and video. Victims included the United Nations headquarters in New York.
Antivirus experts said the initial outbreak of the bug with "ILOVEYOU" in the subject line seemed to be slowing, but warned the copycat versions were already making the rounds.
At least five copycat variations were spreading yesterday, according to computer security company F-Secure Corp. in San Jose, California. One version comes with an attachment labeled "Very Funny," while another arrives as confirmation that the recipient's credit card has been charged $326.92 for a Mother's Day "diamond special," urging the reader to click on an attachment to print the invoice. Opening either attachment releases the bug.
"When users get such e-mails they assume there is some mistake and will naturally open the attachment - infecting their computer. With only eight days to go until Mother's Day, this attack is quite credible,' said Mikko Hypponen at F-Secure.
Authorities in the Philippines were investigating leads on the source of the virus attacks based on information from an Internet service provider.
By some estimates, the original "love bug" infected tens of millions of computers worldwide, not only spreading by e-mail like last year's Melissa virus, but through instant messaging systems that let people chat on the Internet.
And, in another malicious twist, the new virus was designed to destroy several types of increasingly popular computer files, including those storing photographs and video.
"If this (virus) is unleashed on your home computer, I hope you have backups. It is a destructive file," said Shawn Hernan, vulnerability team manager at the CERT Coordination Center, the government-chartered computer security team at Carnegie Mellon University in Pittsburgh.
Initially, the bug also attacked by steering a computer's Internet browser to visit a Web site that was later shut down by its service provider, SKYInternet of the Philippines. At the Web site, the virus would download a program that searched for various types of passwords and sent them to an e-mail account on another Philippines service provider, AccessNet.
Jose Carlotta, chief operating officer of AccessNet, said he believed the virus was initially spread from e-mail accounts on AccessNet, as well as free e-mail accounts with other providers.
Some of the AccessNet e-mail accounts were prepaid with the purchase of plastic cards, much like a prepaid phone card, that don't require the buyer to give personal information. Also, accounts belonging to other users appear to have been broken into to spread the virus.
Carlotta said it was impossible to find the one who created the virus. The company is cooperating with a police investigation.
Computer security experts urged computer users to delete any e-mail with an attachment reading "LOVELETTER" or "Very Funny." The virus is activated by opening the attachment.
The virus targets computers running on Microsoft's Windows operating system, attacking the Outlook e-mail program and the Internet Explorer browser, both of which are also made by Microsoft.
It spreads like most e-mail viruses, arriving as a seemingly friendly message, infiltrating a person's computer address book and sending copies of itself to contacts listed.
But in addition to overwhelming computer networks with the sheer crush of e-mail it generates, the new virus strikes out at some of the most popular new passions on the Internet, destroying digital photographs and hiding music files stored with the digital technology known as MP3.
Still, some experts said the worst impact may have been the way the virus crashed e-mail systems and crippled networks.
"There were lots of copies of this in mail boxes, but not so much damage," said Carey Nachenberg, chief researcher at Symantec Antivirus Research Center, noting that the Explore.Zip virus that struck last June "was 10 times nastier in terms of its destructive capacity."
The FBI quickly opened a criminal investigation into the outbreak, while computer security firms scurried to post software on their Web sites to scan for the bugs and remove them from infected machines.
The virus disabled e-mail systems on Capitol Hill and in the British Parliament. State Department officials found the virus in their servers early today and "shut off our connection with the outside world," spokesman Richard Boucher said.
The flood of infected e-mails forced major corporations like Ford Motor Co. and Lucent Technologies Inc. to shut down their e-mail systems. New Jersey's state government and government agencies all across the country did the same.
AT-and-T shut down an e-mail system serving 145,700 employees: "We're trying to give our tech support people enough room to find a cleanser and make us pure again," said AT-and-T spokesman Burke Stinson.
In Britain, about 30 percent of company e-mail systems were brought down by the virus, according to Network Associates, a computer security firm. In Sweden, the tally was 80 percent.