When it comes to computer viruses, there’s no shortage of large-scale incidents to refer back to. But one event in particular stands out, largely due to the fact it remains among the biggest ever recorded 25 years later.
The ‘ILOVEYOU’ virus, also known as ‘Love Bug’ or ‘Loveletter’, infected over ten million Windows devices in early May 2000, causing huge damage to devices globally and impacting consumers and businesses alike – from multinational companies such as Ford to even the UK Parliament.
The virus was spread by a simple email message, a tactic still used frequently by threat actors today to dupe unsuspecting users. On the morning of May 5 2000, users around the world were met with an email with the subject line “ILOVEYOU” containing an attachment, “LOVE-LETTER-FOR-YOU.TXT.vbs”.
The ILOVEYOU virus was among one of the earliest – and worst – examples of exploiting vulnerabilities in Microsoft’s email client.
At the time, Windows computers would automatically hide visual basic script (VBS) file extensions, meaning that users viewing the attachment would assume this was a simple text file with a message.
Opening the file would activate this script, however, and the virus was then uploaded to the affected device.
Clicking the attachment proved fateful for millions of users. Initially, nothing appeared to happen, but a quick browse through files stored on the device would show they were corrupted, renamed, or deleted.
To add insult to injury, their contacts were also sent the same email, thereby spreading the virus further and overwhelming corporate email servers.
Windows held an iron-tight grip on the personal computer space at that time, boasting a 95% market share – so you can imagine the scale of the damage.
Analysis from Kaspersky shows the total global impact of the virus was seismic, with up to 10% of all internet-connected computers infected at the time. Similarly, follow-up variants also wreaked havoc on IT teams at the time, and the total financial impact stands at somewhere in the region of $10 billion.
This wasn’t the first instance where Windows practices were exploited to spread malicious scripts. In fact, a few years prior in 1995, the WM/Concept.A virus targeted Microsoft Word documents by manipulating VBS macros.
Similarly, in March 1999 the Melissa internet word also distributed malicious code via Microsoft Word – again, this was proliferated through Outlook and operated in a similar fashion to the ILOVEYOU virus by harnessing the infected user’s contacts list.
Who was responsible for the ILOVEYOU virus?
The architect behind the infamous virus, Onel de Guzman, was a student at the time studying at AMA Computer College in the Philippines. The inspiration behind this reportedly lay in de Guzman’s goal of improving internet access in developing countries.
At the time, internet access in the Philippines was charged by the minute, which proved exclusionary to many in the country.
According to reports from CNN, de Guzman presented a draft thesis which proposed essentially stealing Windows passwords and accounts to help “piggyback” on connections of those in developed countries.
This, he argued, would allow users to “spend more time on the internet without paying”.
Guzman was quickly identified as a suspect in the incident, but he did not serve a custodial sentence. At the time, the Philippines had no legislation covering computer-related crimes. While attempts were made to charge him with fraud, these were dropped.
In the run-up to the 20th anniversary of the virus, Guzman admitted to creating and spreading the virus as part of an interview with Crime Dot Com.
I didn’t expect it would get to the US and Europe. I was surprised,” he said.
You might also like
https://cdn.mos.cms.futurecdn.net/G8QNviZt3KrDbfWVANJrNM.jpg
Source link
