Philippine Police Wait for 'Love Bug' Warrant

[William Knowles <wk () C4I ORG>]

http://dailynews.yahoo.com/h/nm/20000506/wr/virus_philippines_4.html

By Sharon Buan
Saturday May 6 3:22 PM ET

MANILA, Philippines (Reuters) - Philippine police said Saturday they
were awaiting a judge's warrant to arrest the hacker suspected of
creating the ``Love Bug'' virus which has crippled computers
worldwide.

``They informed me that there was no judge available, although we are
trying our best to contact one,'' National Bureau of Investigation
Director Federico Opinion told Reuters by telephone.

``Nothing will happen until tomorrow (Sunday) morning,'' Nelson
Bartoleme, the head of the Bureau's anti-fraud and computer crimes
division, told reporters.

But he indicated Bureau agents had placed the suspect, believed to be
a 23-year-old man living in a crowded Manila suburb, under watch.
``Our operatives are out in the field for surveillance,'' he said.

Police and Internet service providers (ISPs) earlier confirmed the
suspect lived in the Manila suburb of Pandacan, but Bureau officials
said they had not yet confronted him and would not say why.

Some Bureau officials privately said the man had been identified, but
would give no further details. Only one man is at the focus of their
investigations, they said.

Swedish Expert Points To German

In Sweden, however, a computer expert said Saturday he believed an
18-year-old German exchange student in Australia was responsible for
the virus.

The originator went under the name of ``Michael'' and had left traces
on Internet user groups, according to Fredrik Bjorck, a Stockholm
University researcher in data systems.

``I have good reasons for saying I have probably found the originator
of the Love Letter virus,'' Bjorck told the Swedish news agency TT.

``The Love virus was activated in the Philippines but it is not
certain whether Michael was there in person,'' Bjorck said.

Bjorck helped the Federal Bureau of Investigation (FBI) trace the
destructive Melissa computer virus last year, TT said.

The Washington Post newspaper said in its Saturday editions that the
FBI had traced the virus to the Philippines through a fairly obvious
electronic trail and was ready to seize computers used in the attack
once it got court permission.

Access Net Inc earlier said the virus had first spread through two
e-mail addresses in its prepaid Internet service network, Supernet.
The addresses the hacker used -- spyder(at)super.net.ph and
mailme(at)super.net.ph -- have been frozen.

Jose Carlotta, chief operating officer of Access Net, said the virus
could have originated elsewhere but the data retrieved from the e-mail
accounts pointed to a Filipino in Pandacan.

``That's the lead we were able to garner from the communications and
the mailbox,'' he said.

Carlotta said his firm and other ISPs hit by the virus had given all
the information they had to the authorities.

``Last night we gave them all the information we know already. I have
spoken with the general manager of SKY Internet and they're working
more closely with the Federal Bureau of Investigation through the
NBI,'' he said.

``I think they're already waiting for some more subpoenas to be able
to take further action.''

Prior Hacking Bid

SKY Internet said Friday the virus was brought into its network by
someone who had previously attempted to hack into its system. The
virus was routed through a fake account at Impact, another ISP.

SKY said it had given its audit trails of the virus to the NBI, the
FBI and Interpol.

Both Access Net and SKY said the information would be enough to track
down the originator of the virus.

The ``Love Bug'' is being called the fastest-moving and most
widespread computer virus ever, affecting brokerages, food companies,
media, auto and technology giants worldwide. Universities and medical
institutions have also been hit.

The original virus is carried by e-mails with the subject line
``ILOVEYOU,'' enticing users to click on the message, which then
cripples their systems. Its second component stays in computers to
steal passwords and e-mail them to mailme(at)super.net.ph.

Although the virus seems to have started in the Philippines, systems
there and in much of Asia have escaped largely unscathed as several
markets were on holiday this week. But the full extent of the virus
will likely become clearer next week.

In Japan, however, a software company said Saturday the virus had
spread quickly although the full extent of the damage would not be
known until Monday when millions of workers return from a long holiday
break.

According to the Japanese Internet company Trend Micro Inc, an on-line
scan they conducted showed that at least 28,000 messages had been
tainted with the virus.

New Zealand's largest telecommunications operator Telecom said it had
deleted more than 17,000 messages carrying the virus from its Internet
service and was searching for new variations.

Experts said the virus was likely to engender more variants in the
coming weeks. Some copycat variants already detected took the form of
Mother's Day gift notices, jokes, and anti-virus warnings.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".