WASHINGTON (Reuters) - The U.S. government warned computer users on Friday to steer clear of suspicious e-mail attachments after a sneaky new software scourge began bouncing across the Internet.
Attorney General Janet Reno said the threat was a variant of the ``love bug,'' a self-replicating e-mail attachment that clogged networks after emerging in Asia on May 4.
``If you receive an e-mail with a .vbs file extension, do not open it, even if it comes from a trusted source. Delete the e-mail from your system,'' Reno said.
The FBI has opened an investigation into ``a new, more destructive variant of the love letter worm,'' she told a regular weekly news briefing.
The ``NewLove.vbs'' virus targets users of Microsoft's Outlook program, arriving with ``FW:'' in the subject line. This signifies it has been forwarded by another user.
Unlike the original, the latest ``worm'' comes in a new guise each time it is retransmitted, making it harder for anti-virus products to keep it from erasing system files, the FBI-led National Infrastructure Protection Center (NIPC) said.
Michael Vatis, the NIPC chief who serves as Reno's top cyber cop, said his team began warning U.S. agencies of the threat at about 2 a.m. (0600 GMT) on Friday, ``just slightly'' after learning of it.
``We don't know yet exactly how widespread this is,'' Vatis said. ``In the early morning hours of today, we did have reports of upward of 1,000 machines being infected. I suspect it's somewhat larger than that now.''
Another government-funded computer emergency team, the CERT Coordination Center, said it was receiving queries but no direct reports of sites affected by the new threat.
As of 10 a.m. (1400 GMT), the CERT Coordination Center, based at Carnegie Mellon University in Pittsburgh ``has received no direct reports of infections related to this virus,'' said Kevin Houle, an incident response team leader.
Mikko Hypponen of F-Secure.com, a computer virus expert based in Finland, said the attention being paid to ``NewLove'' appeared to be ``overblown.'' His security company has ``not received a single direct report from our customers anywhere in the world on this,'' he said in an e-mail to Reuters.
``This thing is definitely not widespread,'' he said adding, however, ``It's still real, and it has been spotted in real companies.'' Hypponen said his firm had ``around 10 second-hand reports'' of infected companies in the United States, central Europe and Israel.
VBS stands for Visual Basic Script, the Microsoft computer language in which both the original ``love bug'' and the ''NewLove'' virus spread themselves.
Vatis said the latest scourge ``appeared to have started at least in significant part'' in the United States. He called it ''polymorphic,'' meaning it changed itself as it propagates.
The ``love bug' was easily identified because its subject line typically read ``ILOVEYOU.'' The new version is clever enough to grab a familiar name to spread malicious code.
``Our initial assessment is that this is more complex, as is typically the case with viruses you see in evolution,'' Vatis said, ``and this is the latest stage in the evolutionary process from the love letter virus.''
The latest computer menace is both a ``virus'' and a ''worm.'' Worms propel themselves through networks; viruses destroy files and replicate themselves by manipulating code.
The NIPC leads the multi-agency U.S. effort to detect, deter and warn of cyber and other threats to critical U.S. systems, including telecommunications, finance and power grids.
On Thursday, congressional investigators criticized the NIPC for failing to act more quickly to warn of the ``love bug'' two weeks ago. A computer student in the Philippines has said he may have accidentally released the ``love bug'' earlier this month.