Just when school technology staff members were recovering from the highly destructive “Love Bug” virus, a new virus began eating its way through computers, and this one is smarter and more destructive than the worldwide Love Bug plague that inspired it, experts say. They have christened it “NewLove” or “Spammer.”

The Love Bug was easy to detect with the “ILOVEYOU” subject line of the eMail messages that carried it, but the new virus changes subject lines every time it is sent. It also destroys most of the files on the computers it infects.

“Each time the virus spreads, it mutates itself to evade detection,” according to Symantec Corp., a California antivirus software maker.

The virus was detected at several large companies on May 18, said Dave Perry, spokesman for another antivirus software maker, Trend Micro Inc. At one company, 5,000 computers were infected, said Perry, who would not identify any of the companies affected.

“If this gets to 100,000 machines vs. millions for the Love Bug, that’s more damaging,” because of the way it crashes computers, Perry said.

Schools are especially susceptible to widespread computer viruses like this one, say school network administrators.

“We have been very lucky so far, because we are primarily Macintosh-based, but PC-based districts will definitely have problems,” said Tom Plati, director of libraries and educational technology for Wellesley Public Schools in Massachusetts.

“The problem that schools have that businesses do not is that we don’t have a network technical staff to help us recover when a virus hits,” he said.

The subject line of an eMail message infected with the new virus starts with “FW:” and includes the name of a randomly chosen attachment from a previous eMail message on an infected computer. The eMail message will have an attachment with the same name, but ending in “.vbs.”

For example, the virus might find the file “mydoc.txt” on the user’s system and send off a message with the subject line “FW: mydoc.txt” and an attachment of “mydoc.txt.vbs.”

Clicking on the attachment will activate the virus. Like Love Bug, it will send itself to everyone in the user’s address book. It will then overwrite most files on the hard drive, rendering the computer useless until the operating system is reinstalled.

So far, Microsoft’s Outlook is the only eMail program the virus is attacking, said Anita Chen, a spokeswoman for Trend Micro. Microsoft has reportedly said it soon will make available a modification to Outlook that will warn users about suspect eMail attachments.

Antivirus software has proven fairly ineffective in combating quick-spreading viruses such as this newest example, experts agree. Desktop programs prevent only known viruses, matching them up with a set series of “fingerprints” that identify a virus as harmful.

Antivirus companies respond to these virulent viruses by setting up web sites allowing users to quickly download the needed antivirus program onto their computer. But according to wire service reports, that method of controlling the spread of computer viruses leaves room for considerable human error, leading some experts to call for a more aggressive effort by internet service providers (ISPs).

“Internet service providers have the capability to block and filter some of these malicious viruses before they get to desktops,” Greg Olsen, chief executive officer of the eMail software company Sendmail Inc., told reporters.

John Pescatore, director of network security at the Gartner Group research firm, agreed, saying, “The job is definitely heading for the ISPs to handle. But consumers aren’t going to pay for it as a line item. They only get concerned when there’s a Melissa or Love Bug, and they forget about them pretty quickly.”

eMail servers are likely to crash as a direct result of the size of the attachments that are sent with the new virus, experts said. The Love Bug had a small attachment, but crashed eMail servers all over the world when it sent millions of copies of itself through the systems at once.

The Love Bug spread like wildfire to millions of computers in early May. Estimates of the damages caused range up to $10 billion, and investigators have questioned several people in the Philippines during the search for the author.

The relatively simple Love Bug virus was followed some hours later by slightly modified variants, posing as jokes or confirmations on Mother’s Day gifts. None of the variants was very widespread.

Trend Micro’s Perry said he hoped that increased awareness among eMail users would hold back the spread of the new virus.

“Any time a virus hits a week after another virus, its potency is diminished,” he said. “People tend to be a little more cautious.”

The CERT Coordination Center, a government-chartered computer emergency team at Carnegie Mellon University in Pittsburgh, reported that it was aware of the outbreak, but that it had not immediately been contacted by virus victims.

Gartner Group

http://gartner4.gartnerweb.com/public/static/home/home.html

Sendmail Inc.

http://www2.sendmail.com

Symantec

http://www.symantec.com

Trend Micro

http://www.trend.com

Microsoft

http://www.microsoft.com