Fifteen years ago today, millions of people around the world received the same exact email from someone they knew.
“Kindly check the attached LOVELETTER coming from me,” read the email, which had “ILOVEYOU” as a subject.
The missive included an attachment that looked like a text file named “LOVE-LETTER-FOR-YOU.”
But there was no love in that letter—just a destructive, self-spreading computer virus. The bug was programmed to replace all files with media extensions such as images, documents and mp3s with copies of itself. Then, the worm would send an identical email around to all the contacts of a victim’s Outlook address book.
The virus came to be known as the ILOVEYOU worm, or LOVEBUG. At the time, it was the biggest computer virus the world had ever seen, and the “first successful use of social engineering,” according to Mike Donnelly, a security engineer at Bromium.
“We had seen some virus storms before this, but never anything on a scale like this,” said Philip Menke, a consultant at Intel Security who at the time was working at the EMEA helpdesk of McAfee (which has since been acquired by Intel). “A computer virus until that stage never made headline news, this is maybe one of the first times that people realized how important and indispensable the digital, wired economy had become.”
Reports at the time said it infected more than 45 million computer users, all lured by the promise of a heart-warming love letter.
“There was nothing particularly clever about the Love Bug's code that explained why it had spread so widely so quickly,” Graham Cluley, a well-known computer security expert, wrote six years ago in a blog post reminiscing about the bug. “The reason for its ‘success’ was that it had tapped into a universal need: the desire to be loved.”
The number of victims perhaps doesn’t even explain all the damage the virus caused. With so many victims hit, many mail systems around the world were completely overloaded, Menke recalled, causing “huge chunk of the businesses and governments to fully grind down to a halt.”
At the time, when email spam filters and antiviruses were still not as sophisticated and email malware was still rare, that’s all ILOVEYOU needed to cause havoc.
“The general idea in those days was that just opening a mail could never do any harm,” Menke told Motherboard. “And this was one of the first cases where that exactly was all that was needed.”
To get an idea of the panic it caused among security professionals, who scrambled to respond to a rapidly expanding problem, just take a look at some of the emails they exchanged on the Usenet mailing list alt.comp.virus on May 5, the day the virus hit Europe and the US after spreading from the Philippines on May 4.
Onel de Guzman and Reonel Ramones, two young members of an underground group of computer science students that called itself GRAMMERSoft, were quickly identified as the potential culprits of the virus spread.
Ramones was arrested, while de Guzman went into hiding for a few days, only to reemerge and admit that it was “possible” that he mistakenly sent out the virus. He denied direct responsibility, a position he long repeated.
“I admit I create viruses, but I don't know if it's one of mine,” he told the New York Times a few months later.
Neither he nor Ramones was ever charged, since at the time the law in the Philippines did not include computer crimes.
Fifteen years later, the world of information security, which is often referred to as cybersecurity much to the chagrin of many industry insiders, has changed radically. Gone are the days of accidental, widespread and destructive virus infections. Now, targeted attacks and “APTs,” or advanced persistent threats, grab headlines seemingly every week.
Yet ILOVEYOU taught us something that is still valid today.
“Viruses today live on Facebook, on the web and even in mail, but they still want you to open that attachment, click that link or open that pdf,” Menke said.