When a computer virus claims to be a love message, it tends to spread really fast. This was what the ILOVEYOU virus was all about, as this Techspirited article explains.
Did You Know?
The ILOVEYOU virus is considered to be one of the most destructive computer viruses of all time.
The end of the 20th century saw rapid advances on the Internet. By August 2000, almost half of all US homes had Internet connectivity. As with any kind of development, the downsides of this technology became clear pretty fast.
The rising popularity of email played a key role in the global outbreaks of computer viruses; programs created specifically to harm computer systems. While only a few knew about viruses at the time, the slew of infections that followed ensured that, by the end of 2000, these malicious software would no longer remain obscure.
In January 1999, the Happy99 virus started the trend of malicious software spreading by email. While it did not cause much damage, it was followed by the Melissa worm (type of virus) in March, which cost a billion dollars to the global economy. However, these viruses were to be surpassed by an even more devastating software, which enticed users with an ‘I Love You’ message; something many would want to hear. Let’s understand how the ILOVEYOU virus spread, and the damage done by it.
The ‘ILOVEYOU’ Virus
ILOVEYOU, also called the ‘Love Letter virus’, was a computer worm in the guise of a love letter sent through email, which affected millions of computers worldwide in May 2000. The email carrying the worm looked like the following.
Subject ILOVEYOU
Content Kindly check the attached LOVELETTER coming from me.
Attachment LOVE-LETTER-FOR-YOU.TXT.vbs
How Did it Work?
Simply opening the email did not activate the worm; opening the attachment did. The attachment was written in Visual Basic Script (.vbs or .vbe), which is a programming language used by Microsoft systems. Files written in the VBS script contain instructions that tell the computer to perform certain tasks.
By default, Windows operating systems hide the file extensions. Therefore, the real file extension .vbs or .vbe is concealed. The creators of the virus exploited this property, by giving another (fake) extension .TXT (for text files) before .vbs, which is not hidden by Windows. Since opening text files does not run any programming code, they are considered safe to open. So, recipients of the infected email readily opened the attachment, assuming it to be a text file.
Damage Done by the ILOVEYOU Virus
On being opened, the worm accessed the Microsoft Outlook address book, and sent the email to all contacts present in it.
It modified the Windows registry, so that the file would be executed every time the system was booted.
It located any files with .hta, .js, .jse, .css, .wsh, .sct, .jpg, .jpeg, .vbs, .vbe, and .doc extensions, and rewrote its own code in them, to serve as a backup for the virus.
The virus hid files with .mp2 and .mp3 extensions (multimedia), and made copies of itself in their names.
The worm downloaded a file from the Internet, which stole the user’s passwords and mailed them to a particular email ID.
How and Where Did it Originate?
Beginning in the morning of Friday, May 5, 2000, offices across Asia, Europe, and the United States discovered that their Internet servers were clogged, rendering work difficult.
Since Microsoft Outlook is a popular email application used by corporations, they were especially vulnerable. Moreover, the virus spread via the address book, meaning that the recipients knew the sender. As a result, industrial giants like Ford Motor Company, establishments like the Pentagon and the British Parliament, were forced to go offline.
In just a few hours, the effects of the ILOVEYOU virus were felt by millions of Internet users around the world. As investigations proceeded, it was discovered that the virus had originated from the Philippines, and spread westwards to Hong Kong, from where it went on to infect Europe and the United States. Finally, Filipino authorities zeroed in on two suspects in a Manila neighborhood – Reonel Ramones and Onel de Guzman.
Ramones and Guzman were dropouts of a computer university in Manila. Guzman had failed to graduate, because he had submitted a dissertation that showed how to steal Internet login passwords for free access. However, because there was no law for creating malicious software in the country at the time, both suspects were let off without any charges.
Just 10 days after the outbreak, the ILOVEYOU worm had infected nearly 50 million computers; 10% of all computers worldwide. It caused a loss of between $5 to 9 billion globally, with $15 billion spent by the United States to tackle the outbreak. For this reason, it ranks among the most devastating viruses till date.