ILOVEYOU!

I would think at some point in time we’ve all had a run in with some kind of Computer virus or at the very least, your Anti Virus software flashing a terrifying warning at you to inform you it has detected something bad and your computer is about to self destruct and all your personal data is being vacuumed up by some unknown digital entity.

We’re very lucky that the Anti Virus software we run on our machines or a browsers built in software is now very capable of detecting and warning you about potential risks before you have a chance to execute them and deploy lots of malicious files into your machine.

However, things weren’t always so good….

Before we get into what life was like browsing the internet in the early 2000’s we should take a look at what a computer virus is.

A computer virus is a program or piece of code designed to damage your computer by corrupting system files, wasting resources, destroying data or otherwise being a nuisance.

Viruses are unique from other forms of malware in that they are self-replicating — capable of copying themselves across files or other computers without a user’s consent.

Basically, they are really contagious.

Not every piece of software that attacks your PC is a virus. Computer viruses are just one kind of malware (mal-icious soft-ware). Here are some of the other, most common kinds:

• Trojans: like the ancient wooden horse full of attackers it takes its name from, this malware pretends to be harmless legitimate software, or comes embedded in it, in order to trick the user and open up the gates for other malware to infect a PC.
• Spyware: with examples such as keyloggers, this kind of malware is designed to spy on users, save their passwords, credit card details, other personal data and online behavior patterns, and send them off to whoever programmed it.
• Worms: this malware type targets entire networks of devices, hopping from PC to PC.
• Ransomware: this malware variety hijacks files (and sometimes an entire hard drive), encrypts them, and demands money from its victim in exchange for a decryption key (which may or may not work, but it probably won’t).
• Adware: this exceedingly irritating kind of malware floods victims with unwanted ads, and opens up vulnerable security spots for other malware to wiggle its way in.

To recap, viruses are just one of several kinds of malware out there. Strictly speaking, Trojans, ransomware, etc, are not computer viruses, though many people use the shorthand “virus” to refer to malware in a general sense.

The ILOVEYOU virus initially traveled the Internet by e-mail, just like the Melissa virus. The subject of the e-mail said that the message was a love letter from a secret admirer. An attachment in the e-mail was what caused all the trouble. The original worm had the file name of LOVE-LETTER-FOR-YOU.TXT.vbs. The vbs extension pointed to the language the hacker used to create the worm: Visual Basic Scripting

Melissa is a fast-spreading macro virus that is distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000, and, if the user has the Microsoft Outlook e-mail program, causes the virus to be resent to the first 50 people in each of the user’s address books.

According to anti-virus software producer McAfee, the ILOVEYOU virus had a wide range of attacks:

• It copied itself several times and hid the copies in several folders on the victim’s hard drive.
• It added new files to the victim’s registry keys.
• It replaced several different kinds of files with copies of itself.
• It sent itself through Internet Relay Chat clients as well as e-mail.
• It downloaded a file called WIN-BUGSFIX.EXE from the Internet and executed it. Rather than fix bugs, this program was a password-stealing application that e-mailed secret information to the hacker’s e-mail address.

On the machine system level, ILOVEYOU relied on the scripting engine system setting (which runs scripting language files such as .vbs files) being enabled, and took advantage of a feature in Windows that hid file extensions by default, which malware authors would use as an exploit.

Windows would parse file names from right to left, stopping at the first period character, showing only those elements to the left of this. The attachment, which had two periods, could thus display the inner fake “txt” file extension.

Text files are considered to be innocuous, as they are normally incapable of running executable code.

The worm used social engineering to entice users to open the attachment (out of actual desire to connect or simple curiosity) to ensure continued propagation. Systemic weaknesses in the design of Microsoft Outlook and Microsoft Windows were exploited that allowed malicious code capable of complete access to the operating system, secondary storage, and system and user data simply by unwitting users clicking on an icon.

The malware originated in the Pandacan neighborhood of Manila in the Philippines on May 5, 2000, thereafter following daybreak westward across the world as employees began their workday that Friday morning, moving first to Hong Kong, then to Europe, and finally the United States.

The outbreak was later estimated to have caused US$5.5–8.7 billion in damages worldwide, and estimated to cost US$15 billion to remove the worm.

Within ten days, over fifty million infections had been reported.

It is estimated that 10% of internet-connected computers in the world had been affected.

Damage cited was mostly the time and effort spent getting rid of the infection and recovering files from backups.

To protect themselves, The Pentagon, CIA, the British Parliament and most large corporations decided to completely shut down their mail systems.

The ILOVEYOU virus infected computers all over the world. At the time it was one of the world’s most destructive computer related disasters ever.

Since there were no laws in the Philippines against writing malware at the time, both Ramones and de Guzman were released with all charges dropped by state prosecutors.

To address this legislative deficiency, the Philippine Congress enacted Republic Act №8792, otherwise known as the E-Commerce Law, in July 2000, just two months after the worm outbreak.

In 2002, the ILOVEYOU virus obtained a world record for being the most virulent computer virus at the time.

Originally published at medium.com on December 13, 2018.