Feeds

No 'sorry' from Love Bug author

Five years on, Spyder keeps schtum

  • alert
  • submit to reddit

High performance access to file storage

Five years ago, a new "supervirus" hit the headlines. It had the two successful - but evil - elements: destructive virus coding coupled to an enticing title and the simple fact that it arrived from someone the recipient knew. The combination was virus dynamite.

Most viruses start slowly and then build power; "I Love You" hit the computer world like a bomb - anti-virus companies had not seen anything like it and while they struggled to contain the infection, copycats were re-titling the virus and releasing in their own language.

At this point you might expect the story to flash-pan to a prison cell and a description of the miscreant responsible for the outrage safely behind bars. However, the person who almost certainly wrote the virus - proved not only by his own admission but also by a stack of corroborating evidence - is today a free man with a no criminal record.

That's because in the Philippines - where he lives - there were no laws against computer misuse and the authorities had nothing to charge him with.

Today, almost five years after the event "Spyder" (real name Reomel Lamores) is saying nothing about the virus, referring all calls to his lawyer who - in turn - also refuses to comment. Not even "sorry" for the hundreds of millions of pounds of damage it allegedly caused and the general pandemonium it generated.

US tabloid TV programmes and book authors have dangled cheques in front of his nose - but at the moment he rejects them all. Local reports say he fears being kidnapped and has nightmares about being bundled on to a boat and taken to the USA.

Spyder's Web

In May 2000 Spyder was a minor computer programmer in the employ of the local China Bank, living in a low-rent Manila apartment with girlfriend Irene De Guzman. After its release into the wild, I Love You - aka "The Love Bug" - was quickly traced back to Spyder who was held by the authorities on unspecified grounds. US and European law enforcement authorities fought to be the first to try the then twenty seven year-old. The FBI even put seven men on the case, including their specialist virus sniffer Federick Bjorck.

Under questioning Spyder started by claiming total ignorance of events and blandly refused to assist the authorites. Even in the face of mounting evidence - including his own email address carrying the outbound virus - for which he had no explanation.

Eventually, he changed his story to the one he maintains to this day: The honest accident. He was messing around with coding "and the code escaped". Strangely this is slightly supported by the evidence. A thinking virus writer would have worked harder to cover his tracks. Some speculate that the whole stunt was created to impress his new girlfriend and he secretly hoped to get caught.

The virus was smart - for that time - in that it knew about file length. The full title (of the original e-mail) was LOVE-LETTER-FOR-YOU.TXT.vbs. The length of this tile was vital because (on default Windows setting) this hides the .vbs extension and it could be taken as plain text.

When up and running, the virus looked in the address book of Microsoft Outlook and sent copies of itself to everyone therein. For good measure, the virus then linked to four pages on Sky Internet (in the Philippines) which, in turn, downloaded the falsely named WIND-BUGFIX.exe. This had the effect of collecting and sending email addresses and passwords to a known second email address.

This second part of the operation didn’t last long. The ISP noted the huge surge in traffic and suspended the pages. Within hours the FBI bloodhounds were on the scent of the perpetrator. However before they did the title had already changed to one of the hundreds of variations that followed - Very Funny Joke.

In June of that year, and barring any other law with which to prosecute him, authorities charged Spyder's girlfriend Guzman - who came under suspicion because of a certain expertise with computers - under the local "Access Devices Act" of 1994, which outlaws the illegal use of account numbers and passwords - a law directly related to credit card fraud. The charges were based on her owning the central computer from which the virus eminated. However, even these had to be dropped.

Later that year, the Philippines introduced new laws to target and outlaw a wide range of cybercrimes. But as the FBI are quick to point out - there are plenty of places left in the world that the cyber criminal is free to go about his or her business unhindered by the in-this-case-not-so-long arm of the law. ®

Related stories

Roll up for your ILOVEYOU fix
The Register guide to beating the Love Bug. Not
Bill Clinton associates Love Bug with terrorism

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.