By Catherine Wagley
By Channing Sargent
By L.A. Weekly critics
By Amanda Lewis
By Catherine Wagley
By Carol Cheh
By Keegan Hamilton
By Bill Raden
The ILOVEYOU computer bug, the fastest-spreading, most destructive virus in the history of computers, was made possible by those much-maligned folks at Microsoft.
Let me explain. In the past, most people assumed that you couldn‘t get a virus unless you ran a piece of software, i.e., a program, a set of instructions to your computer to carry out certain operations. Thus, only an executable file -- an .exe, .com or .bat -- could infect your computer. A picture, text or document file is only viewed by your computer; it doesn’t trigger your computer to do anything. At least, that‘s the way it was supposed to be.
The ILOVEYOU e-mail carried an attachment called ”Love-Letter-To-You.TXT.vbs.“ Now, I can’t imagine why anyone would jump to open such a message; to me, it sounds like porn spam. But I suppose the surprise value of receiving an emotionally loaded missive ostensibly from the keyboard of a mere acquaintance or a business colleague (the bug propagated itself by running through company e-mail address books) was just too tempting for some 10 million to 50 million people to pass up. That was the LOVE-bug author‘s first psychological trick. The second was using ”.TXT“ in the file name, to make you think the attachment was a harmless text document. But after ”.TXT“ was the file’s real extension name, ”.vbs.“ Now, the .vbs extension is obscure enough that even I didn‘t recognize it before this little outbreak. It stands for VisualBasicScript, a Microsoft programming language. It meant that the LOVE attachment was a program, not a text file, and therefore had an open field to molest your computer.
My first question after the disaster was: Why would your machine automatically run an obscure program like VisualBasic directly from an e-mail? Well, to make your computer more convenient and easier to use, Microsoft employs a system of ”file-name associations.“ If you click on most attachment files, they will automatically be passed to the application program that can read them. (Macs have a similar feature.) Most of us know not to run an .exe file (not counting the millions who clicked on ”Happy99.exe“ last year). But what about .vbs? Few people realized, until last week, that a .vbs extension could wreak havoc upon the world.
In fact, there are six file-name extensions that will lead a file to the Windows Scripting Host: .vbs, .vbe, .wsf, .wsh, .jse and .js. Click on any of these files, attached to your e-mail or otherwise, and a program will begin running -- with unknown consequences. You can prevent this by deleting the Windows Scripting Host, but there’s just a chance you‘ll need it one day. You could also delete the applications for these six extensions (click on My Computer, then choose View>Folder Options> File Types, then Remove these file types from the list). But then these types of files wouldn’t run automatically even if the files originated on your computer.
Microsoft -- and other e-mail software companies -- could stop this sort of virus dead in its tracks by setting up a firewall between the e-mail program and the Windows Scripting Host. It wouldn‘t be the traditional firewall that prevents certain data from getting into your computer in the first place, but a simple ”Whoa! Don’t take just any VisualBasic program from e-mail and run it on the Windows Scripting Host! It could be a trap!“ A firewall could prevent attachments from automatically executing altogether: If someone receives a program in e-mail that he really wants to run, let him save it to the hard disk as a file, then run it himself.
In fact, in response to widespread criticism, Microsoft this week announced a new security patch that will prevent the ”one-click“ launch of the most dangerous e-mail attachments. The downloadable fix, due out May 22, will include a pop-up warning that will alert you when somebody is trying to get into your e-mail address book. But given that 100 million mail program are running without the fix, and not everybody will download it, this response seems too little, too late.
And don‘t think avoiding running vbs or similar programs will keep you safe. Even .doc files, which are commonly exchanged by e-mail, could contain deadly instructions, due to an even more insidious form of embedded Microsoft program: the macro. To make programs like MS Word and Excel more powerful, programming languages called macros are included, which allow a series of MS Word commands to be executed like a program. Word macros can contain embedded Visual Basic commands.
This is how the Melissa virus, last year’s big e-mail scare, was spread. According to Patrick Martin of the Symantec Anti-Virus Research Center, Microsoft programs Word, Excel, PowerPoint, Outlook, Access, Project and Visio are all susceptible to this sort of embedded macro virus. Macro viruses are hard for the end-user to detect and bar, because so many Word, Excel and other ”project“ files are regularly exchanged by e-mail. For example, I sent this article to my editor as a .doc (MS Word) file, and she opened it in Word, edited it and sent the .doc file back to me for proofing. Little did she know that this article could contain a hidden macro virus that would run a VisualBasic program on her computer, infecting her hard disk or even deleting it.