Recalling the ILOVEYOU worm from 20 years ago

May 6, 2020 | Edwardo Rodriguez

Twenty years ago, the ILOVEYOU worm utilized the most basic human emotion, the desire to be loved. It replicated itself at unprecedented rates that spurred the imagination of hackers and the cynicism of the general public. The on-line world was never the same.

As with all worms, the ILOVEYOU worm operated as a standalone program.  It is a Visual Basic script that was circulated as a file named LOVE-LETTER-FOR-YOU.TXT.vbs.  It came attached to an e-mail with a three-word subject line, and a body that consisted of one sentence. 

And that’s it.  There was no urgent push to “Read now!  Now! Now!”  No promise of good fortune if you open the attachment.  No threat of your bank account being closed if you don’t open it.  It was just a handful of words asking you to please open the attached love letter. 

And when you did, (in the original strain) it made copies of itself, hid itself, became persistent on bootup, manipulated your media files, and of course propagated to more computers by sending the same email to everyone in your address book.  So, on May 5, 2000 the whole world was getting love letters via email.  It appeared to the reader as if it were from a familiar source and had none of the spammy language users were accustomed to watch for by then.  And every single hopeful or curious double click to see the contents of the letter resulted in another batch of the worms being sent out. 

It is estimated that in less than 24 hours, the virus spread to 45 million computers around the world and ultimately (after inspiring over 26 strains) caused $15 billion in damage reaching 10% of the world’s computers.  This may not sound significant compared to the cost of ransomware and damages from other cybersecurity incidents we have seen since 2000 but, at the time, this rate of spread was unheard of. 

The year 2000 was a different time when anti-virus wasn’t seen as a necessity for every computer. Many companies mitigated the risk by simply disconnecting their mail servers.  Can you imagine any company shutting down their mail server today for risk mitigation?  The world, having earlier survived the theorized Jan 1, 2000 Y2K meltdown and feeling optimistic about the role of computers in our lives, went to bed a less trusting on-line community twenty years ago.

We live in a much different world than the one upon which the ILOVEYOU worm was released, but the underlying human exploit is still there.  The desire to feel loved among other basic human emotions are buttons waiting to be pushed by malicious actors.

Pictture of a suspicions person on a computer keyboard

In these days of uncertainty caused by the COVID-19 biological virus, fear is a button begging to be pushed.  These fears make it more likely for someone to click on an attachment or link claiming to provide updates and warnings about the situation.  So please stay alert for those COVID-19, Zoom™, Teams, and other work-from-home themed phishing attempts and let’s avoid creating any new anniversaries for worldwide malicious events.

Edwardo Rodriguez

About the Author: Edwardo Rodriguez

Edwardo Rodriguez joined the Managed Threat Detection and Response (MTDR) team as a Tier I analyst on November 2019. Edwardo’s previous experience includes consulting as a detection analyst for the world’s largest futures exchange . He considers alarm fatigue the enemy and presents clients with investigations that cut to the bottom line. His favorite part of the job is two way communication with clients that result in risk mitigation and detecting those indicators that get missed with one way dialogue.

Read more posts from Edwardo Rodriguez ›

‹ BACK TO ALL BLOGS

Get the latest security news in your inbox.

Subscribe

RSS

Get price Free trial