School computer networks running Microsoft Outlook eMail systems were among the millions around the world affected May 4 by a new software virus known as the “love bug.”

The virus spread quickly around the world, swamping U.S. computer networks with eMails titled “ILOVEYOU,” after crippling computers in Asia and Europe.

“We had to shut down the eMail server for several hours this morning,” said Bob Moore, director of instructional technology for the Blue Valley School District in Kansas, immediately after the outbreak. “Our virus protection software did not have [the virus] in its profile, but it has been updated now. I’m sure this has caused a lot of people a lot of problems.”

According to Nancy Messmer, director of library media and technology for Bellingham Public Schools in Washington, the virus crippled her district’s computers.

“We’re disabled, actually. It appeared on all our computers first thing this morning, and we are just so dependent on our eMail that it got us right away,” she said, speaking as news of the outbreak spread. “We called every school and told them to delete it, but it brought the whole system down anyway.”

The extent of the damage done depends on the degree to which eMail is integrated into the schools, Messmer said: “We don’t have many people who are unaffected. Our network security people will probably have to attack it server by server. I wonder about small districts that don’t have the resources to expunge this.”

Experts said they were stunned by the speed and wide reach of the virus.

“It appears to be the same sort of class of virus as Melissa,” the eMail virus that overwhelmed computer systems around the world about a year ago, said Bill Pollack, spokesman for the CERT Coordination Center in Pittsburgh, a government-chartered computer security team.

But the new virus, which used the Outlook eMail program from Microsoft to spread, also infected other types of files stored on desktop computers and network servers, CERT reported on its telephone hot line.

By midday eastern time on the first day of the outbreak, a virus scanning system provided on the internet by the computer security company Trend Micro already had detected more than 500,000 infected computer files around the world, including more than 350,000 in the United States.

In Britain, the virus brought down about 30 percent of company eMail systems, according to Network Associates, another computer security firm. In Sweden, the tally was 80 percent.

Even the U.S. Department of Education (ED) reported problems. The department’s web site was down most of the day May 4 while officials made sure no affected messages were sent through the site’s eMail system.

“We have 17 computers fully infected and 102 partially infected. We have 10,000 ILOVEYOU messages attempting to reach just people with the letters A or B starting their last names, and we estimate that we have 100,000 to 200,000 infected messages queued up on our system waiting to be delivered,” Jim Bradshaw, a spokesman for ED, said on May 4.

“People from Microsoft have been working with us all day, putting up firewalls and trying to address the problem. We believe we have prevented most of the messages going through, but some have slipped by. It’s just a matter now of cleaning up, deleting the messages.”

Much like Melissa, the “love bug” spread by infiltrating a computer user’s address book and sending copies of itself to that person’s contacts. However, the new virus also used instant messaging or “internet chat” systems, such as ICQ, to spread.

Not all computer systems were affected by the virus. Only PCs running Microsoft Outlook were vulnerable; Macs were unaffected.

“We’ve had questions and comments all day, but we don’t use Microsoft Outlook, so it’s not a problem,” said Ruth Friedman, technology director for Beachwood City Schools in South Dakota. “We sent out an eMail warning people not to open any ILOVEYOU messages [and have had] no problems yet.”

Trevor Shaw, director of technology for St. Benedict’s Preparatory School in New Jersey, said he quickly did a survey of his technology staff and no one had reported receiving the virus.

“Fortunately, we are not using Outlook,” Shaw said. “One of the reasons we don’t use Outlook is because it’s pretty prone to malicious coding. It’s also one of the reasons we weren’t really affected by the Melissa virus.”

CERT Coordination Center at Carnegie Mellon University

http://www.cert.org