Swiss Bank Giant UBS Hit by LoveBug Strain

Aug. 17, 2000 -- A new variation of the “Love Bug” computer virus is targeting the Swiss banking giant, United Bank of Switzerland.

No damage from it has been reported yet, and only a small part of its online customers are at risk, the bank said in a statement. Anti-virus software filters activated by UBS specialists stopped the spread of the virus at the bank, it said.

UBS, one of the largest banks in the world, said it is still unclear who was responsible for the virus, a variant of the original Love Letter virus that circulated in May, wreaking havoc on millions of computers worldwide. But the bank said it is preparing legal action against whoever was behind the recent attack.

Today Kasperksy Lab, the Moscow-based IT security company, is warning that the new LoveBug strain is resurfacing in Russia and Switzerland, “with a vengeance,” according to, a site devoted to security topics.

New Strain vs. Original Virus

The original virus struck computers in early May, coyly seducing computer users around the world to click on the “ILOVEYOU” attachment while maliciously unleashing a virus that shut down e-mail systems in businesses and government agencies worldwide

Like its predecessor, the new virus strain is disguised as an e-mail enticing readers to open it. This time, RESUME.TXT shows up as the name of the attached file. Previous variations’ headers include “ILOVEYOU,” “FWD: JOKE,” “Mother’s Day Order Confirmation,” “Important! Read carefully!!” “Virus ALERT!!!” “Recent Virus Attacks-Fix.”

There have been unconfirmed reports that this virus may also be received masquerading as a job offer from a company named Stuart Atkinson, complete with Web and e-mail addresses, according to iDEFENSE Intelligence Services, an intelligence company based in Fairfax, Va.

A user must double-click on or open the attachment in order for the virus to work. Once launched, it appears to open the attached resume in the Notepad program, which is bundled with all versions of Microsoft’s Windows. It also hijacks Microsoft’s Outlook e-mail program and attempts to send itself out to every e-mail address contained in the address book.

Steals Passwords

With echoes of the original “Love Bug” virus, the new strain also tries stealing passwords. It searches for information in the Windows Registry — which contains a huge database of information on hardware configuration, user profiles, device drivers and system applications — that would allow it to get UBS-specific online banking information, such as passwords and pin numbers. If it finds the correct information, it sends the customer’s information to several e-mail accounts. Unlike the virus program it appears to be loosely based on, the new variant seems to specifically target UBS.

Non-UBS customers are safe from the password-stealing function, said Graham Cluley of the antiviral company Sophos. On their machines, the virus just spreads.

“Of course, spreading itself is bad enough because of the e-mail tornado it creates,” Cluley said.

The bank said this part of the virus would be stymied if users had the UBS Pin software installed on their computers, according to instructions.

Antivirus updates are already available, according to UBS, which called on any customers who opened the attachment to cancel their e-banking authorization by typing in the wrong password three times and to contact a bank hotline.

It insisted that the bank’s system was “a safe and reliable Internet banking solution.”

Not the First Time

This isn’t the first virus to target a specific company. This June, a virus called “Timofonica” spammed Spanish cell phones with a screed against the phone company Telefonica. The targeted password-stealing elements have been seen before, too — several Trojan Horse programs have stolen America Online passwords in the past.

As more people have more passwords to more online services, and they rely on their computers to keep the passwords, they’re courting danger from electronic interlopers, Cluley said.

“One of the dangers is, lots of people think, ‘only I use my computer,’ and so they get their computers to remember all their passwords and PIN numbers. They shouldn’t,” the antiviral expert said. “If either little Jimmy or your mad granny or a virus starts using [the computer],” they could get access to your accounts, he said.

The Associated Press contributed to this report.