Close this search box.

Throwback Attack: ILOVEYOU, a Love Letter No One Wanted

Test 2 Alt Text
Courtesy: CFE Media and Technology

Most people would be happy to open their computer to see a love letter; however, starting on May 4, 2000, the terms “love letter” and “Love Bug” took on a whole new meaning. Windows users began receiving emails titled ILOVEYOU that came with a malicious attachment. Within 10 days, this worm had infected more than 50 million people. According to a Forbes article written by Davey Winder, it was estimated that as many as 10% of all internet-connected computers in the world were affected by the ILOVEYOU virus.

The beginning of ILOVEYOU

This unfortunate love story started in the Philippines and was delivered with the subject line ILOVEYOU along with instructions to read the attached email. The virus was tracked to an email address registered to an apartment in Manila, which led to Onel de Guzman. He created the Love Bug virus, not thinking it would reach as many people as it did. In 2000, Guzman, 24, was a computer science student at the AMA Computer College. Within 24 hours of releasing the virus, it had spread across the world.

The ILOVEYOU virus was one of the first eye-openers as to how damaging spam emails could be. Until that point, spam was an annoyance, not destructive, which makes sense because this was one of the first major computer virus outbreaks. In 1988, the Morris Worm was the first worm attack, but that attack’s goal was to create panic on the internet. The goal of the Love Bug was to steal passwords and disrupt information.

The ILOVEYOU Worm Effect

Due to the way this virus multiplies and spreads, it is categorized as a worm. It self-replicates, which means that it can send copies of itself through a network without any action from an actual person. Having a virus of this nature was a new concept. Once a user opened the email, the virus executed a visual basic script, which was hidden by the default view on Windows. The title of the email that people actually saw ended in .txt instead of the true ending of .vbs, which is an essential trick that allowed the virus to take off. Without seeing the .vbs ending, people were more likely to open it thinking it was from a loved one.

The worm would then steal passwords and overwrite files, including both documents and photos stored on any device connected to the original affected computer. Meanwhile, it would also go into the Microsoft Outlook Windows contact list and send a copy of itself to that entire list, starting the cycle over again.

Economic impact

The efforts to recover data from affected systems and remove the infection cost as much as $10 billion, according to Winder. Government agencies, such as the Pentagon, CIA and the U.K. Parliament, were also affected and, as a consequence, all shut down their email. Information technology (IT) systems around the world were shut down from overload, due to computer systems not being made to process this type of virus, or turned off in an effort to prevent spread of the infection.

This virus was especially effective because no one took the threat seriously. If they had, it could have reduced the impact significantly. At that time, most people weren’t acquainted with malware and didn’t understand the lasting effects it could have. There was a previous mass-mailing macro virus, the Melissa bug, that used similar strategies, but the Love Bug surpassed this outbreak fiftyfold. The Melissa virus wasn’t classified as a worm but did target Microsoft Word- and Outlook-based systems. It affected close to a million machines.

Cybersecurity impact

The Love Bug had a highly publicized introduction to the world. As one of the first examples of malware, it changed the way people viewed and used both email and the internet. The deception of the email being from a loved one paired with it sending itself to people’s personal contact lists, hardened people. They now knew to be more apprehensive and less trusting of emails.

Guzman, the creator of ILOVEYOU, was never prosecuted because there weren’t any laws against hacking at that time in the Philippines. Geoff White, a reporter at BBC News, was able to track down and interview Guzman in 2020. In the article, Guzman said he regrets the damage he caused and revealed that he made Love Bug to steal passwords so he could have access to the internet without having to pay. After this fiasco, he never went back to college. He now works at a booth in a mall, repairing phones.

More than two decades later, people are more informed, but malware is always evolving, and there are constantly new ways these types of attacks affect systems.




Keep your finger on the pulse of top industry news