Searching \ for '[OT] Claim to be a Philippine Virus' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=claim+philippine
Search entire site for: 'Claim to be a Philippine Virus'.

Exact match. Not showing close matches.
PICList Thread
'[OT] Claim to be a Philippine Virus'
2000\05\05@225534 by wolverines_ph

flavicon
face
Hi!

To all PICLIST!

It was claimed that the I LOVE U virus was originated here in the Philippine!!!

As far as investigation is concern that it was trace and that is out the BIGGEST HEADLINE of the NEWS..





==
-=wolve=-

_____________________________________________________________
---
http://mail.secureroot.com/ - free mailbox for hackers and geeks

2000\05\06@030836 by Mark Willis

flavicon
face
Headers tell you a LOT (once you understand how to read 'em.)  I'd bet
that various ISP's Abuse Desks had a lot to do with tracing the sender
down, really - I'm betting ONE 15-year-old is grounded for *life*,
within a few hours or so, from what I've heard...

 Mark

-=wolves-= wrote:
{Quote hidden}

2000\05\06@065832 by Jinx

face picon face
The last I heard was that the original posting was made with a pre-paid
e-mail account through Sky Internet in Manila, done with a Super.Net
card. Although the account can be used from anywhere anonymously, it
was used at least once with a traceable phone number for the purchaser
of the card. Authorities are "confident" it's a 23-yo hacker known as
Spyder. Seems he's not one to shy away from hacking any ISP he can,
being thwarted several times by Filipino servers.

Poetic justice that a Spyder may be caught by a Web

I remember the author of Chernobyl (aka CIH, his initials) was caught in
Taiwan last year -- what happened to him ? Is there a queue around the
block to kick the crap out him and/or bankrupt him for life and/or break
every one of his @&*$*&$ fingers ?

{Quote hidden}

2000\05\06@210126 by Lindsay Pallickal

flavicon
face
> I remember the author of Chernobyl (aka CIH, his initials) was caught in
> Taiwan last year -- what happened to him ? Is there a queue around the
> block to kick the crap out him and/or bankrupt him for life and/or break
> every one of his @&*$*&$ fingers ?
>

   Sadly I heard from a Taiwanese friend of mine that the military hired
the guy to work for them. The media there portrayed him as a misguided
genius of sorts who was now putting his "expertise" to good use for the
military. Makes absolutely no sense to me.

2000\05\06@224249 by Russell McMahon

picon face
>> I remember the author of Chernobyl (aka CIH, his initials) was caught in
>> Taiwan last year -- what happened to him ? Is there a queue around the
>> block to kick the crap out him and/or bankrupt him for life and/or break
>> every one of his @&*$*&$ fingers ?
>>
>
>    Sadly I heard from a Taiwanese friend of mine that the military hired
>the guy to work for them. The media there portrayed him as a misguided
>genius of sorts who was now putting his "expertise" to good use for the
>military. Makes absolutely no sense to me.


It might if you put yourself in the place of the Taiwanese military and
stood on their western shoreline and looked west! :-)
They may just feel that every bit of help that they can get in any possibly
pertinent area, they can use. If they could ever do as much damage to their
neighbour at the "right" time as this man did to the rest of the world then
they would probably pay for their investment in him many times over. I'm not
saying that this is good, just that to me it makes great sense.



RM

2000\05\12@042000 by D Lloyd

flavicon
face
Hi,

Beaten up ? Probably more likely to be a list of job offers from the CIA,
MOSSAD, MI6, KGB, banks, insurance companies......etc etc

Dan





Jinx <spam_OUTjoecolquittTakeThisOuTspamCLEAR.NET.NZ>
06/05/2000 11:56


Please respond to pic microcontroller discussion list <.....PICLISTKILLspamspam@spam@MITVMA.MIT.EDU>

To:   PICLISTspamKILLspamMITVMA.MIT.EDU
cc:    (bcc: Dan Lloyd/GBPTD/ABB)
Subject:  Re: [OT] Claim to be a Philippine Virus

Security Level:?         Internal



The last I heard was that the original posting was made with a pre-paid
e-mail account through Sky Internet in Manila, done with a Super.Net
card. Although the account can be used from anywhere anonymously, it
was used at least once with a traceable phone number for the purchaser
of the card. Authorities are "confident" it's a 23-yo hacker known as
Spyder. Seems he's not one to shy away from hacking any ISP he can,
being thwarted several times by Filipino servers.

Poetic justice that a Spyder may be caught by a Web

I remember the author of Chernobyl (aka CIH, his initials) was caught in
Taiwan last year -- what happened to him ? Is there a queue around the
block to kick the crap out him and/or bankrupt him for life and/or break
every one of his @&*$*&$ fingers ?

{Quote hidden}

2000\05\12@042414 by D Lloyd

flavicon
face
Hi

Whoops; maybe I should read the PICLIST in date order rather than by author when
I return from a two-week exam-revision "break".
Still, seems my cynicsm wasn't far from the mark.....

Dan






Lindsay Pallickal <.....emiceKILLspamspam.....PAYLESSPHONEBILL.COM>
07/05/2000 01:59


Please respond to pic microcontroller discussion list <EraseMEPICLISTspam_OUTspamTakeThisOuTMITVMA.MIT.EDU>

To:   PICLISTspamspam_OUTMITVMA.MIT.EDU
cc:    (bcc: Dan Lloyd/GBPTD/ABB)
Subject:  Re: [OT] Claim to be a Philippine Virus

Security Level:?         Internal



> I remember the author of Chernobyl (aka CIH, his initials) was caught in
> Taiwan last year -- what happened to him ? Is there a queue around the
> block to kick the crap out him and/or bankrupt him for life and/or break
> every one of his @&*$*&$ fingers ?
>

   Sadly I heard from a Taiwanese friend of mine that the military hired
the guy to work for them. The media there portrayed him as a misguided
genius of sorts who was now putting his "expertise" to good use for the
military. Makes absolutely no sense to me.

2000\05\12@050230 by Milan v.d. Swaluw

flavicon
face
Hello,

i've seen the .vbs-file.

In it you can find the comments like, "i hate to go to school", "by:
spider", "Manilla Philipines" and a name "Khaled Mardam-Bey" (probably
fake) in the MIRC-part. In the script you can also see that files with the
extensions .js, .jse, .css, wsh, .sct, .jpg, .mp3, mp2, and so on will get
some extra information copied to them...

Anyone that opened the script had this information.

I couldn't find anything about a pre-paid card, but i'm no ISP.

It's a nice virus, but it's written by an amateur. Al of the program is in
"main()", there are no subroutines.

But still, with only four pages of code and the phrase "I love you", i
don't think i could do that much damage worldwide. HI.

Milan.


On Fri, 12 May 2000, D Lloyd wrote:

{Quote hidden}

2000\05\12@080350 by Alan B Pearce

face picon face
>It's a nice virus, but it's written by an amateur. Al of the program is in
>"main()", there are no subroutines.

If any virus can be classed as nice! I understood the code was actually made up
of several subroutines, but have not seen it myself.

>But still, with only four pages of code and the phrase "I love you", i
>don't think i could do that much damage worldwide. HI.

Well it caused my company to disconnect from the Internet for several days while
the infection was removed from internal PC's. This as well as having to restore
a very large number of images on the company web pages because of infection.
Result was I did not receive any PicList messages for last weekend, and a couple
of days before. This as well as the other mailing lists I subscribe to, and not
having any web access at all. One news report I came across reckoned someone in
USA received 1500 copies of the virus! Once one copy of the virus gets into the
company internal system havoc does reign.

I guess this does all amount to not much damage worldwide (NOT)!

2000\05\12@130358 by rleggitt

picon face
> "Khaled Mardam-Bey"
He's the author of mirc.

2000\05\12@133225 by Matthew Fries

flavicon
face
Job offers? Unlikely! This guy wrote one visual basic script about 1 page
long. It's not like he has the formula for cold-fusion or anything. Any
idiot can write a visual basic script (or more commonly, modify an
existing one). It does not mean that the guy knows anything other than how
to cause trouble. If he were hired by any of the organizations you
mentioned, they would be VERY disappointed.



On Fri, 12 May 2000, D Lloyd wrote:

{Quote hidden}

2000\05\13@130917 by picxpert

picon face
They're referring to the guy who wrote CIH, not LoveBug, I beleive. CIH was
interesting, to say the least - how many viruses can actually overwrite
parts of your ROM?

-Randy Glenn
PICxpertANTISPAMEraseMEspam.....techie.com (remove ANTISPAM)
http://i.am/PICxpert

"My Finder has died of fits, chokin',
My Finder has quite ceased to be.
OS X's new Finder looks broken,
Please bring back my Finder to me!" - A concerned Mac user

===========
To unsubscribe, send a message containing the text "unsubscribe PICLIST" to
EraseMELISTSERVspamMITVMA.MIT.EDU

Any questions about the list? http://www.piclist.com/

{Original Message removed}

2000\05\14@164243 by l.allen

picon face
Matt wrote

> Job offers? Unlikely! This guy wrote one visual basic script about 1 page
> long. It's not like he has the formula for cold-fusion or anything. Any
> idiot can write a visual basic script (or more commonly, modify an
> existing one). It does not mean that the guy knows anything other than how
> to cause trouble. If he were hired by any of the organizations you
> mentioned, they would be VERY disappointed.
>
>
>
You hit the nail on the head.
There seems to be some sort of perception that virus
writers are geniuses. Like writing a few lines of code that
crash windows is somehow better than windows.
Or that striking a match is harder work than building the
Cathedral that it burns down.

More like too ignorant write a decent programme that
wins acclaim or even financial reward.



_____________________________

Lance Allen
Technical Officer
Uni of Auckland
Psych Dept
New Zealand

http://www.psych.auckland.ac.nz

_____________________________

2000\05\15@050334 by D Lloyd

flavicon
face
Hi,

An "idiot" that caused $4.4 billion worth of damage........that would constitute
a good piece of espionage at the end of the day, in anyone's book. Unlikely that
an intelligence service would write a virus so slick (and so difficult to trace)
that it was obvious it was written by an "expert" from an intelligence
service.....why not just do the damage with a 'piss-simple' VB script? Besides,
that way, Microsoft get more bad publicity so everyone is pleased ; )

Dan

2000\05\15@143949 by William Chops Westfield

face picon face
>> An "idiot" that caused $4.4 billion worth of damage.

Say what?  The "$$$ damage" reports for computer crackers have always
seemed pretty suspect to me - similar to the "street values" reported
for large drug seizures.  I mean, where do you actually GET $4.4
billion?  X million computers infected, each of took a "computer expert"
(worth $$$/hour, of course) some time to fix?  NNN systems offline for
YY hours, at an average revenue rate of $$$, or charged CPU rate of $$?
Gimme a break.  Like anyone actually paid extra for someone to fix this,
or lost an order when they were offline that didn't come in later.  I
hear much of the lost time was in assorted government agencies?  Maybe
that ought to count as a benefit!

The "agents" in Los Alamos did a much more concrete bit of businness.
(not that there were any.  Accidents beat out malice yet again...)

BillW

2000\05\16@082541 by M. Adam Davis

flavicon
face
Well, lets do the math.  Assume a large company, say an auto company with 10,000
email-using employees in southeast MI.  On employee gets the virus mid-day and
runs it.  It infects their contacts (3/4 of which are internal employees).  From
there the email is exponential, even if only a few of the recipients actually
run the program.  By late afternoon (when the offices are closing, and the
plants are beginning their second shift) every plant and office worldwide has at
least a few employees who have run the virus.  The load on the mail servers runs
up way past the redline and messages start getting dropped.  Eventually some of
the servers halt altogether, and pagers start going off for the sysadmins.  At
this point the virus is still 'new' and these guys don't know much about it.
Their mail servers are flipping out (so they suspect another melissa variant)
but they can't check their own email (the servers are at best loaded to
capacity, at worst completely down) so they don't get messages from users about
a strange email they keep getting copies of.

Now, a good portion of this company's computer services are outsourced, so they
aren't just paying employees overtime, they are paying an outsource service
overtime (much more expensive) though this is offset a little by the fact that
most of their own staff are salary paid and don't get overtime.  We'll say that
they pay this company an extra $500,000 to remotely handle the hundreds of
servers and actively monitor them for the next week.

So these people need to work overtime.  They shut down/disconnect all the
servers in /each/ facility, and examine the contents of one.  They find the
virus, and determine a plan of action.  Here's the expensive part:  While a
script can get rid of most traces of the virus, and a few filters can keep it
from spreading much more, thousands of emails have been lost/dropped, schedules
have been moved back, parts aren't on order (and they are supposed to be), etc,
etc.  Because of this, the assembly lines in a few dozen plants are slowed or
stopped for several minutes or hours at a time over the next two weeks while
everything gets re-ordered, synchronized, etc.  Of course, there are about 300
employees per plant who have to stop working for, say 10 hours each over the
next two weeks in 5 plants.  The average emplyee makes $12/hour (actually much
more, but we'll be conservative here).  Therefore each plant loses $3,600/hour
just in labor (We'll ignore cost of electricity and other consumables used
during this time) and these five plants lose $180,000 JUST in labor.  They also
lose money because the effects cascade down through other plants to the point
where several cars are made late (and therefore not made- you can't just speed
up a plant to make up the difference without raising the cost of the car)

There are the countless hours each and every employee lost because they did not
have email access for a day or two.

In effect, the entire organization and each employee in this company 'lost' at
*least* 2 days of active work, if not a week of work.  Given that the average
employee is making about 15/hour (including benefits, UAW fees, etc) then they
lost between 2.4 million and 6 million dollars JUST in lost employee work time.
They also lost electricity (you should see the electric bill for one day at the
average plant - some plants have their own power stations) and other utilities,
they lost orders, they were talked into various hardware and software upgrades
to 'prevent future occurances', etc, etc.

Given that at least 100 companies in the US were affected by this to this extent
(which were this large) and then all of the other smaller companies which are
having issues on a smaller scale, I can easily see several billion dollars worth
of 'damage' (lost revenue) which these companies can claim.

-Adam

William Chops Westfield wrote:
{Quote hidden}

2000\05\16@084835 by Alan B Pearce
face picon face
>Given that at least 100 companies in the US were affected by this to this
extent
>(which were this large) and then all of the other smaller companies which are
>having issues on a smaller scale, I can easily see several billion dollars
worth
>of 'damage' (lost revenue) which these companies can claim.


Pretty good resume of the effects. It about matches what I saw here at my
employer in the UK.

2000\05\16@085705 by D Lloyd

flavicon
face
part 0 6523 bytes content-type:application/octet-stream;See below:



|------------->
|(Embedded    |
|image moved  |
|to file:     |
|pic00719.pcx)|
|             |
|------------->
 >------------------------------------------------------------------------|
 |"M. Adam Davis" <RemoveMEadavisEraseMEspamEraseMEUBASICS.COM>                                    |
 |16/05/2000 13:24                                                        |
 >------------------------------------------------------------------------|



Please respond to pic microcontroller discussion list <RemoveMEPICLISTspam_OUTspamKILLspamMITVMA.MIT.EDU>

To:   RemoveMEPICLISTTakeThisOuTspamspamMITVMA.MIT.EDU
cc:    (bcc: Dan Lloyd/GBPTD/ABB)
Subject:  Re: [OT] Claim to be a Philippine Virus

Security Level:?         Internal



Well, lets do the math.  Assume a large company, say an auto company with 10,000
email-using employees in southeast MI.  On employee gets the virus mid-day and
runs it.  It infects their contacts (3/4 of which are internal employees).  From
there the email is exponential, even if only a few of the recipients actually
run the program.  By late afternoon (when the offices are closing, and the
plants are beginning their second shift) every plant and office worldwide has at
least a few employees who have run the virus.  The load on the mail servers runs
up way past the redline and messages start getting dropped.  Eventually some of
the servers halt altogether, and pagers start going off for the sysadmins.  At
this point the virus is still 'new' and these guys don't know much about it.
Their mail servers are flipping out (so they suspect another melissa variant)
but they can't check their own email (the servers are at best loaded to
capacity, at worst completely down) so they don't get messages from users about
a strange email they keep getting copies of.

Now, a good portion of this company's computer services are outsourced, so they
aren't just paying employees overtime, they are paying an outsource service
overtime (much more expensive) though this is offset a little by the fact that
most of their own staff are salary paid and don't get overtime.  We'll say that
they pay this company an extra $500,000 to remotely handle the hundreds of
servers and actively monitor them for the next week.

So these people need to work overtime.  They shut down/disconnect all the
servers in /each/ facility, and examine the contents of one.  They find the
virus, and determine a plan of action.  Here's the expensive part:  While a
script can get rid of most traces of the virus, and a few filters can keep it
from spreading much more, thousands of emails have been lost/dropped, schedules
have been moved back, parts aren't on order (and they are supposed to be), etc,
etc.  Because of this, the assembly lines in a few dozen plants are slowed or
stopped for several minutes or hours at a time over the next two weeks while
everything gets re-ordered, synchronized, etc.  Of course, there are about 300
employees per plant who have to stop working for, say 10 hours each over the
next two weeks in 5 plants.  The average emplyee makes $12/hour (actually much
more, but we'll be conservative here).  Therefore each plant loses $3,600/hour
just in labor (We'll ignore cost of electricity and other consumables used
during this time) and these five plants lose $180,000 JUST in labor.  They also
lose money because the effects cascade down through other plants to the point
where several cars are made late (and therefore not made- you can't just speed
up a plant to make up the difference without raising the cost of the car)

There are the countless hours each and every employee lost because they did not
have email access for a day or two.

In effect, the entire organization and each employee in this company 'lost' at
*least* 2 days of active work, if not a week of work.  Given that the average
employee is making about 15/hour (including benefits, UAW fees, etc) then they
lost between 2.4 million and 6 million dollars JUST in lost employee work time.
They also lost electricity (you should see the electric bill for one day at the
average plant - some plants have their own power stations) and other utilities,
they lost orders, they were talked into various hardware and software upgrades
to 'prevent future occurances', etc, etc.

Given that at least 100 companies in the US were affected by this to this extent
(which were this large) and then all of the other smaller companies which are
having issues on a smaller scale, I can easily see several billion dollars worth
of 'damage' (lost revenue) which these companies can claim.

-Adam

William Chops Westfield wrote:
{Quote hidden}

*** I didn't do the math - I didnt need to (but thanks to Mr Davis); I do have
faith in the BBC Newsnight programme which is probably the most honest news
reporting on the planet (I sound like a Carlsberg ad!) and they gave the figure
as being that high. I have bigger fish to fry than to worry about it; my point
was that, for an "idiot", the guy caused a lot of damage which was compounded by
the moronocy of people who STILL manage to open email attachments no matter how
many times they are told that they are (/can be) extremely dangerous. Darwinism
with a technological slant, in my opinion. (Uh oh, here goes the evolution vs
creation debate). I am out of this thread *now*.....

Dan




Content-type: application/octet-stream;
       name="pic00719.pcx"
Content-Disposition: attachment; filename="pic00719.pcx"

Attachment converted: definition:pic00719.pcx (????/----) (000136C0)

2000\05\16@090945 by D Lloyd

flavicon
face
To cut out the rest...........

*** I didn't do the math - I didnt need to (but thanks to Mr Davis); I do have
faith in the BBC Newsnight programme which is probably the most honest news
reporting on the planet (I sound like a Carlsberg ad!) and they gave the figure
as being that high. I have bigger fish to fry than to worry about it; my point
was that, for an "idiot", the guy caused a lot of damage which was compounded by
the moronocy of people who STILL manage to open email attachments no matter how
many times they are told that they are (/can be) extremely dangerous. Darwinism
with a technological slant, in my opinion. (Uh oh, here goes the evolution vs
creation debate). Anyway, out of respect for not hogging bandwidth, I am out of
this thread *now*.....

Dan

More... (looser matching)
- Last day of these posts
- In 2000 , 2001 only
- Today
- New search...