More than a week after its initial release, the LoveLetter virus and its variants continue to haunt corporate email systems and networks around the globe.
The original virus, which came with the subject line "ILOVEYOU", has spawned dozens of variants. One claimed to be an antidote for the virus, while another copycat virus author ported the menace to the Unix platform. The Unix virus is said to be more of a "proof of concept" rather than anything severe.
Damage estimates from the virus range from $1 billion in the US to upwards of $15 billion worldwide, says Larry Bridwell, technology program manager at ICSA.net, a group that certifies security products and practices.
LoveLetter is the most damaging virus strain to date, costing an estimated $750 million in the first five hours alone, according to ISCA.net. The numbers will continue to grow as companies cleanse the virus from deep inside their file networks. One of LoveLetter's nastier side effects is that it replaced certain types of files with copies of itself, allowing a computer to be re-infected if a user opened what he thought was an innocuous music or image file.
Bridwell says the code was nothing more than a modified version of the Melissa virus. Still, it slipped past antivirus detectors without a second glance. What can users do to prevent another costly outbreak of a similar virus?
"You have to educate and empower users," says J.F. Rupert, information management chief for the Ohio National Guard. "Sure you can shut down servers to prevent the spread, but you really have to attack the virus at the end-user level."
Rupert was first alerted about the virus at 6:30am the day of the outbreak. There are 1200 regular users in the Ohio National Guard, but only 40 to 50 machines were infected. He and eight of his team shut down the Guard's email system for three hours to contain and purge the virus. "It could have been a lot worse," Rupert says, crediting education efforts that taught the user community to be wary of attachments.
During the downtime, the team sent out voice mails and posted flyers to alert users about the problem. Even before Rupert received his new virus definitions from Norton and McAfee, he had his Exchange servers back up and running. The same can't be said of the National Guard's main email servers, which were still down as of Wednesday, he says.
Rupert also says preparing a disaster recovery plan is essential. "We're not talking a 4000-page document -- just a couple of pages that spell out what to do in a crisis," he says. Because of their backup plan, Rupert and his team were able to recover all the files wiped out by LoveLetter. Additionally, the Ohio National Guard provides its 15,000 part-time troops with free access to antivirus software to limit exposure to viruses spreading up from the ranks.
Bridwell says corporations need to take a more active approach by ensuring virus definitions are updated weekly and by scanning at all levels, including the desktop, mail server and network perimeter. "Usually, companies we see have no or inadequate security policies in place," he says. They need to have quarantine policies for certain file types, or even restrict what type of files can be received as attachments.
"No matter what, there will be viruses that get through," Rupert says. The key is minimising their impact.