Feeds

No 'sorry' from Love Bug author

Five years on, Spyder keeps schtum

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

Five years ago, a new "supervirus" hit the headlines. It had the two successful - but evil - elements: destructive virus coding coupled to an enticing title and the simple fact that it arrived from someone the recipient knew. The combination was virus dynamite.

Most viruses start slowly and then build power; "I Love You" hit the computer world like a bomb - anti-virus companies had not seen anything like it and while they struggled to contain the infection, copycats were re-titling the virus and releasing in their own language.

At this point you might expect the story to flash-pan to a prison cell and a description of the miscreant responsible for the outrage safely behind bars. However, the person who almost certainly wrote the virus - proved not only by his own admission but also by a stack of corroborating evidence - is today a free man with a no criminal record.

That's because in the Philippines - where he lives - there were no laws against computer misuse and the authorities had nothing to charge him with.

Today, almost five years after the event "Spyder" (real name Reomel Lamores) is saying nothing about the virus, referring all calls to his lawyer who - in turn - also refuses to comment. Not even "sorry" for the hundreds of millions of pounds of damage it allegedly caused and the general pandemonium it generated.

US tabloid TV programmes and book authors have dangled cheques in front of his nose - but at the moment he rejects them all. Local reports say he fears being kidnapped and has nightmares about being bundled on to a boat and taken to the USA.

Spyder's Web

In May 2000 Spyder was a minor computer programmer in the employ of the local China Bank, living in a low-rent Manila apartment with girlfriend Irene De Guzman. After its release into the wild, I Love You - aka "The Love Bug" - was quickly traced back to Spyder who was held by the authorities on unspecified grounds. US and European law enforcement authorities fought to be the first to try the then twenty seven year-old. The FBI even put seven men on the case, including their specialist virus sniffer Federick Bjorck.

Under questioning Spyder started by claiming total ignorance of events and blandly refused to assist the authorites. Even in the face of mounting evidence - including his own email address carrying the outbound virus - for which he had no explanation.

Eventually, he changed his story to the one he maintains to this day: The honest accident. He was messing around with coding "and the code escaped". Strangely this is slightly supported by the evidence. A thinking virus writer would have worked harder to cover his tracks. Some speculate that the whole stunt was created to impress his new girlfriend and he secretly hoped to get caught.

The virus was smart - for that time - in that it knew about file length. The full title (of the original e-mail) was LOVE-LETTER-FOR-YOU.TXT.vbs. The length of this tile was vital because (on default Windows setting) this hides the .vbs extension and it could be taken as plain text.

When up and running, the virus looked in the address book of Microsoft Outlook and sent copies of itself to everyone therein. For good measure, the virus then linked to four pages on Sky Internet (in the Philippines) which, in turn, downloaded the falsely named WIND-BUGFIX.exe. This had the effect of collecting and sending email addresses and passwords to a known second email address.

This second part of the operation didn’t last long. The ISP noted the huge surge in traffic and suspended the pages. Within hours the FBI bloodhounds were on the scent of the perpetrator. However before they did the title had already changed to one of the hundreds of variations that followed - Very Funny Joke.

In June of that year, and barring any other law with which to prosecute him, authorities charged Spyder's girlfriend Guzman - who came under suspicion because of a certain expertise with computers - under the local "Access Devices Act" of 1994, which outlaws the illegal use of account numbers and passwords - a law directly related to credit card fraud. The charges were based on her owning the central computer from which the virus eminated. However, even these had to be dropped.

Later that year, the Philippines introduced new laws to target and outlaw a wide range of cybercrimes. But as the FBI are quick to point out - there are plenty of places left in the world that the cyber criminal is free to go about his or her business unhindered by the in-this-case-not-so-long arm of the law. ®

Related stories

Roll up for your ILOVEYOU fix
The Register guide to beating the Love Bug. Not
Bill Clinton associates Love Bug with terrorism

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.